PublicDateAtUSN: 2020-10-30 00:00:00 UTC
Candidate: CVE-2020-25692
PublicDate: 2020-12-08 01:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25692
 https://ubuntu.com/security/notices/USN-4622-1
 https://ubuntu.com/security/notices/USN-4622-2
Description:
 A NULL pointer dereference was found in OpenLDAP server and was fixed in
 openldap 2.4.55, during a request for renaming RDNs. An unauthenticated
 attacker could remotely crash the slapd process by sending a specially
 crafted request, causing a Denial of Service.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.openldap.org/show_bug.cgi?id=9370
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_openldap:
 upstream: https://git.openldap.org/openldap/openldap/-/commit/4c774220a752bf8e3284984890dc0931fe73165d
upstream_openldap: released (2.4.55+dfsg-1)
precise/esm_openldap: released (2.4.28-1.1ubuntu4.11)
trusty_openldap: ignored (out of standard support)
trusty/esm_openldap: released (2.4.31-1+nmu2ubuntu8.5+esm3)
xenial_openldap: released (2.4.42+dfsg-2ubuntu3.10)
esm-infra/xenial_openldap: released (2.4.42+dfsg-2ubuntu3.10)
bionic_openldap: released (2.4.45+dfsg-1ubuntu1.7)
focal_openldap: released (2.4.49+dfsg-2ubuntu1.4)
groovy_openldap: released (2.4.53+dfsg-1ubuntu1.1)
devel_openldap: released (2.4.53+dfsg-1ubuntu4)