ID

VAR-202004-0530


CVE

CVE-2020-12243


TITLE

OpenLDAP Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005084

DESCRIPTION

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). OpenLDAP Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. The filter.c file of slapd in versions earlier than OpenLDAP 2.4.50 has a security vulnerability. ========================================================================= Ubuntu Security Notice USN-4352-2 May 06, 2020 openldap vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: OpenLDAP could be made to crash if it received specially crafted network traffic. Software Description: - openldap: Lightweight Directory Access Protocol Details: USN-4352-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: slapd 2.4.31-1+nmu2ubuntu8.5+esm2 Ubuntu 12.04 ESM: slapd 2.4.28-1.1ubuntu4.10 In general, a standard system update will make all the necessary changes. Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Bugs fixed (https://bugzilla.redhat.com/): 1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat 3scale API Management 2.10.0 security update and release Advisory ID: RHSA-2021:1129-01 Product: 3scale API Management Advisory URL: https://access.redhat.com/errata/RHSA-2021:1129 Issue date: 2021-04-07 CVE Names: CVE-2018-20843 CVE-2019-5094 CVE-2019-5188 CVE-2019-11719 CVE-2019-11727 CVE-2019-11756 CVE-2019-12749 CVE-2019-14866 CVE-2019-15903 CVE-2019-17006 CVE-2019-17023 CVE-2019-17498 CVE-2019-19126 CVE-2019-19532 CVE-2019-19956 CVE-2019-20388 CVE-2019-20907 CVE-2020-0427 CVE-2020-1971 CVE-2020-6829 CVE-2020-7053 CVE-2020-7595 CVE-2020-8177 CVE-2020-9283 CVE-2020-12243 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403 CVE-2020-12723 CVE-2020-14040 CVE-2020-14351 CVE-2020-25211 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-28374 CVE-2020-29661 CVE-2021-20265 ===================================================================== 1. Summary: A security update for Red Hat 3scale API Management Platform is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0. Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management /2.10/html-single/installing_3scale/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 5. References: https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-5094 https://access.redhat.com/security/cve/CVE-2019-5188 https://access.redhat.com/security/cve/CVE-2019-11719 https://access.redhat.com/security/cve/CVE-2019-11727 https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-12749 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17023 https://access.redhat.com/security/cve/CVE-2019-17498 https://access.redhat.com/security/cve/CVE-2019-19126 https://access.redhat.com/security/cve/CVE-2019-19532 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2020-0427 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-6829 https://access.redhat.com/security/cve/CVE-2020-7053 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-9283 https://access.redhat.com/security/cve/CVE-2020-12243 https://access.redhat.com/security/cve/CVE-2020-12400 https://access.redhat.com/security/cve/CVE-2020-12401 https://access.redhat.com/security/cve/CVE-2020-12402 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14351 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25645 https://access.redhat.com/security/cve/CVE-2020-25656 https://access.redhat.com/security/cve/CVE-2020-25705 https://access.redhat.com/security/cve/CVE-2020-28374 https://access.redhat.com/security/cve/CVE-2020-29661 https://access.redhat.com/security/cve/CVE-2021-20265 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYG71etzjgjWX9erEAQjNixAAhj8zh6eSiTxd4KgsaKl8WPwqE4xxDh1f 0UZ8n0GcAAedgOaSxFFc81Khc40Ki/AgUBNscwdLKVrlqDcBHStpQIAhThzIqtfq OAirtdRE/HOC9TjcR4OV5TTdjGt8A9oZh34OHidQQQEsxHF26BPJ9IdGDV6BGdVi EQZFcZUFYLgLqca1AcFTC46+SqK1J4Gn6cp7fQ5GOTc6umUQqzU4xk9WFcAcjNWg v1Fo1ZYiil3BMJC3hQmwXm2HCpoq+Ckri3BrRHsCk2CwxJgAZcgDqxUXkD/4B5OE j9wswGPziSY0DE+vqR5CK393ZT0WrLj+xUgVnn5cd8XyAroybSVgjJ4lKXyyzCQY TS3an5vcxZJZK9DfLV/xWt+aOuQ1JIz3FIFQgSHgWqlfszptg2bn4GW2D05VmEV7 NwEma9bjWG6Tr2eyUqNmddVFIlEN+VoGZMBgiKLj5pUFe+Zlp5T76jIXntPdOVgX nKsil2BMrponU2iIMi7Lkp0yRUKPv8uTTZvfYqtM56U6PXygzC6y+80kfHm6YwRI NHS7zFxxmsi3Vqo2iN4SfOM75oekIsEjt0s+AD/G+/Jc/2MLa8lMUKpWuutrDzrE s0gqHMQek8Oj/F1PFoQsSg5K5vwjwqM7NCY6VOQ14YtZeFcfasOemSehzotlOm2e ifeFFW4W/6s= =Uuda -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. The advisory addresses the following issues: * Re-release of odo-init-image 1.1.3 for security updates 3. Solution: Download and install a new CLI binary by following the instructions linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 1832983 - Release of 1.1.3 odo-init-image 5. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. For the oldstable distribution (stretch), this problem has been fixed in version 2.4.44+dfsg-5+deb9u4. For the stable distribution (buster), this problem has been fixed in version 2.4.47+dfsg-3+deb10u2. We recommend that you upgrade your openldap packages. For the detailed security status of openldap please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openldap Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6ofsxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qx4Q//dOnPiP6bKHrFUFtyv59tV5Zpa1jJ6BmIr3/5ueODnBu8MHLJw8503zLJ I43LDTzvGkXrxy0Y28YC5Qpv1oHW3gvPzFsTrn2DObeUnHlKOOUsyzz3saHXyyzQ ki+2UGsUXydSazDMeJzcoMfRdVpCtjc+GNTb/y7nxgwoKrz/WJplGstp2ibd8ftv Ju4uT8VJZcC3IEGhkYXJ7TENlegOK2FCewYMZARrNT/tjIDyAqfKi2muCg7oadx/ 5WZGLW7Pdw25jFknVy/Y7fEyJDWQdPH7NchK5tZy6D1lWQh67GcvJFSo5HICwb+n FilP29mIBbS96JQq6u5jWWMpAD6RPCtIltak4QdYptjdrQnTDFy3RJSTdZeis8ty HKwYJgNzVG6SCy04t3D+zeMbgEZOvj6GWrURQUqZJQmc4V9l89E0/D7zV3AX9Q9v 0hKEtpc//bZrS71QVqJvkWvrgfutB72Vnqfull+DBxvt33ma5W2il6kxGMwJK3S9 0lk60dzEDCdYp8TE61y8N4z+2IB/Otg9Ni2I8pmaE5s1/ZUva+8GhSjbmGyIhbpk p55kTiZUgpmu6EK2Kvjkh9rMlaa1IHXL8tdrbo8pRVtQHlA8/HUgoGiUHuX1h+Kw LZVjIV/L4qOFQ54uMbSscZgMEvhfW00fe3o2zI8WQZ9IPCQ3oRg= =K3JD -----END PGP SIGNATURE-----

Trust: 2.43

sources: NVD: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // PACKETSTORM: 157602 // PACKETSTORM: 162142 // PACKETSTORM: 162130 // PACKETSTORM: 161916 // PACKETSTORM: 157601 // PACKETSTORM: 159552 // PACKETSTORM: 168811

AFFECTED PRODUCTS

vendor:netappmodel:h700escope:eqversion: -

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:netappmodel:h410cscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:netappmodel:h500escope:eqversion: -

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.13.6

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.6

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:netappmodel:steelstore cloud integrated storagescope:eqversion: -

Trust: 1.0

vendor:oraclemodel:solarisscope:eqversion:11

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.13.0

Trust: 1.0

vendor:broadcommodel:brocade fabric operating systemscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.10

Trust: 1.0

vendor:openldapmodel:openldapscope:ltversion:2.4.50

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 1.0

vendor:oraclemodel:zfs storage appliance kitscope:eqversion:8.8

Trust: 1.0

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 1.0

vendor:netappmodel:h300escope:eqversion: -

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:20.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:openldapmodel:openldapscope:eqversion:2.4.50

Trust: 0.8

sources: JVNDB: JVNDB-2020-005084 // NVD: CVE-2020-12243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12243
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005084
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-2326
value: HIGH

Trust: 0.6

VULHUB: VHN-164902
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-12243
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12243
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005084
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-164902
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12243
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005084
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // CNNVD: CNNVD-202004-2326 // NVD: CVE-2020-12243

PROBLEMTYPE DATA

problemtype:CWE-674

Trust: 1.1

problemtype:CWE-400

Trust: 0.9

sources: VULHUB: VHN-164902 // JVNDB: JVNDB-2020-005084 // NVD: CVE-2020-12243

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 157602 // PACKETSTORM: 157601 // CNNVD: CNNVD-202004-2326

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2326

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005084

PATCH

title:[SECURITY] [DLA 2199-1] openldap security updateurl:https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html

Trust: 0.8

title:DSA-4666url:https://www.debian.org/security/2020/dsa-4666

Trust: 0.8

title:Issue#9248url:https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES

Trust: 0.8

title:ITS#9202 limit depth of nested filtersurl:https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440

Trust: 0.8

title:Issue 9202url:https://bugs.openldap.org/show_bug.cgi?id=9202

Trust: 0.8

title:OpenLDAP Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118093

Trust: 0.6

title:Red Hat: Moderate: openldap security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204041 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: openldap vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4352-1

Trust: 0.1

title:Ubuntu Security Notice: openldap vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4352-2

Trust: 0.1

title:Debian Security Advisories: DSA-4666-1 openldap -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=fb4df889a45e12b120ab07487d89cbed

Trust: 0.1

title:Amazon Linux 2: ALAS2-2020-1539url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1539

Trust: 0.1

title:Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204254 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204255 - Security Advisory

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ca8040b949152189bea3a3126afcd39

Trust: 0.1

title:Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204264 - Security Advisory

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

sources: VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // CNNVD: CNNVD-202004-2326

EXTERNAL IDS

db:NVDid:CVE-2020-12243

Trust: 3.3

db:PACKETSTORMid:157602

Trust: 0.8

db:PACKETSTORMid:161916

Trust: 0.8

db:PACKETSTORMid:162130

Trust: 0.8

db:PACKETSTORMid:162142

Trust: 0.8

db:JVNDBid:JVNDB-2020-005084

Trust: 0.8

db:CNNVDid:CNNVD-202004-2326

Trust: 0.7

db:PACKETSTORMid:161727

Trust: 0.7

db:PACKETSTORMid:159347

Trust: 0.7

db:PACKETSTORMid:159553

Trust: 0.7

db:ICS CERTid:ICSA-22-116-01

Trust: 0.7

db:AUSCERTid:ESB-2021.1207

Trust: 0.6

db:AUSCERTid:ESB-2020.1637

Trust: 0.6

db:AUSCERTid:ESB-2021.2604

Trust: 0.6

db:AUSCERTid:ESB-2021.0845

Trust: 0.6

db:AUSCERTid:ESB-2020.1742.2

Trust: 0.6

db:AUSCERTid:ESB-2020.3631

Trust: 0.6

db:AUSCERTid:ESB-2020.1742

Trust: 0.6

db:AUSCERTid:ESB-2020.1458

Trust: 0.6

db:AUSCERTid:ESB-2021.0986

Trust: 0.6

db:AUSCERTid:ESB-2020.3535

Trust: 0.6

db:AUSCERTid:ESB-2021.1193

Trust: 0.6

db:AUSCERTid:ESB-2020.1569

Trust: 0.6

db:AUSCERTid:ESB-2020.1613

Trust: 0.6

db:PACKETSTORMid:159552

Trust: 0.2

db:PACKETSTORMid:157601

Trust: 0.2

db:CNVDid:CNVD-2020-27485

Trust: 0.1

db:VULHUBid:VHN-164902

Trust: 0.1

db:VULMONid:CVE-2020-12243

Trust: 0.1

db:PACKETSTORMid:168811

Trust: 0.1

sources: VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // PACKETSTORM: 157602 // PACKETSTORM: 162142 // PACKETSTORM: 162130 // PACKETSTORM: 161916 // PACKETSTORM: 157601 // PACKETSTORM: 159552 // PACKETSTORM: 168811 // CNNVD: CNNVD-202004-2326 // NVD: CVE-2020-12243

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-12243

Trust: 2.1

url:https://usn.ubuntu.com/4352-1/

Trust: 1.9

url:https://git.openldap.org/openldap/openldap/-/blob/openldap_rel_eng_2_4/changes

Trust: 1.8

url:https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20200511-0003/

Trust: 1.8

url:https://support.apple.com/kb/ht211289

Trust: 1.8

url:https://www.debian.org/security/2020/dsa-4666

Trust: 1.8

url:https://bugs.openldap.org/show_bug.cgi?id=9202

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html

Trust: 1.8

url:https://usn.ubuntu.com/4352-2/

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12243

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1742.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3535/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1458/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1569/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-116-01

Trust: 0.6

url:https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html

Trust: 0.6

url:https://support.apple.com/en-us/ht211289

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0986

Trust: 0.6

url:https://vigilance.fr/vulnerability/openldap-denial-of-service-via-search-filters-32124

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1207

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0845

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2604

Trust: 0.6

url:https://packetstormsecurity.com/files/159347/red-hat-security-advisory-2020-4041-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/157602/ubuntu-security-notice-usn-4352-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1637/

Trust: 0.6

url:https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1613/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1193

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3631/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1742/

Trust: 0.6

url:https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-17006

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-5188

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-12749

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12401

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17006

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-11719

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17023

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17023

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-12749

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-6829

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12403

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-12400

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11756

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-11756

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12243

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12400

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-11727

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11719

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-5094

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11727

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-5188

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-5094

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17498

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17498

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12402

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12402

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-1971

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12401

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8177

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-1971

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12403

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.3

url:https://usn.ubuntu.com/4352-1

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-12652

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17546

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14973

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17546

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-12652

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14973

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-5313

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19126

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19126

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/674.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4041

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-116-01

Trust: 0.1

url:https://usn.ubuntu.com/4352-2

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1079

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8625

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20228

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3156

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3447

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-5313

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20191

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20180

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14422

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14422

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25211

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1129

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12723

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25645

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25656

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28374

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25705

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29661

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20265

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0427

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12723

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7053

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0427

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19532

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0949

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8177

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6829

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.48+dfsg-1ubuntu1.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.8

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1240

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20386

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18874

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12450

Trust: 0.1

url:https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4254

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14822

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14822

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20386

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18874

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14365

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5482

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12450

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openldap

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

sources: VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // PACKETSTORM: 157602 // PACKETSTORM: 162142 // PACKETSTORM: 162130 // PACKETSTORM: 161916 // PACKETSTORM: 157601 // PACKETSTORM: 159552 // PACKETSTORM: 168811 // CNNVD: CNNVD-202004-2326 // NVD: CVE-2020-12243

CREDITS

Red Hat

Trust: 1.0

sources: PACKETSTORM: 162142 // PACKETSTORM: 162130 // PACKETSTORM: 161916 // PACKETSTORM: 159552 // CNNVD: CNNVD-202004-2326

SOURCES

db:VULHUBid:VHN-164902
db:VULMONid:CVE-2020-12243
db:JVNDBid:JVNDB-2020-005084
db:PACKETSTORMid:157602
db:PACKETSTORMid:162142
db:PACKETSTORMid:162130
db:PACKETSTORMid:161916
db:PACKETSTORMid:157601
db:PACKETSTORMid:159552
db:PACKETSTORMid:168811
db:CNNVDid:CNNVD-202004-2326
db:NVDid:CVE-2020-12243

LAST UPDATE DATE

2024-11-11T21:24:41.865000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-164902date:2022-04-29T00:00:00
db:VULMONid:CVE-2020-12243date:2022-04-29T00:00:00
db:JVNDBid:JVNDB-2020-005084date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2326date:2022-04-27T00:00:00
db:NVDid:CVE-2020-12243date:2022-04-29T13:24:38.527

SOURCES RELEASE DATE

db:VULHUBid:VHN-164902date:2020-04-28T00:00:00
db:VULMONid:CVE-2020-12243date:2020-04-28T00:00:00
db:JVNDBid:JVNDB-2020-005084date:2020-06-05T00:00:00
db:PACKETSTORMid:157602date:2020-05-07T15:33:32
db:PACKETSTORMid:162142date:2021-04-09T15:06:13
db:PACKETSTORMid:162130date:2021-04-08T14:00:00
db:PACKETSTORMid:161916date:2021-03-22T15:36:55
db:PACKETSTORMid:157601date:2020-05-07T15:33:27
db:PACKETSTORMid:159552date:2020-10-14T16:52:12
db:PACKETSTORMid:168811date:2020-04-28T19:12:00
db:CNNVDid:CNNVD-202004-2326date:2020-04-28T00:00:00
db:NVDid:CVE-2020-12243date:2020-04-28T19:15:12.267