What is CVE-2020-36222?

CVE-2020-36222 is a vulnerability in N/a. Published 2021-01-25.

Is CVE-2020-36222 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-36222

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

EPSS: 0.777 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57 (x_refsource_MISC)
bugs.openldap.org/show_bug.cgi (x_refsource_MISC)
git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bb… (x_refsource_MISC)
git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1… (x_refsource_MISC)
bugs.openldap.org/show_bug.cgi (x_refsource_MISC)
git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bb… (x_refsource_MISC)
[debian-lts-announce] 20210203 [SECURITY] [DLA 2544-1] openldap security update (mailing-list, x_refsource_MLIST)
DSA-4845 (vendor-advisory, x_refsource_DEBIAN)
security.netapp.com/advisory/ntap-20210226-0002/ (x_refsource_CONFIRM)
support.apple.com/kb/HT212529 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-36222?: CVE-2020-36222 is a vulnerability in N/a. Published 2021-01-25.
Is CVE-2020-36222 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.