Vulnerability CVE-2021-27212: Information

Description

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-27212
Published: Feb. 14, 2021
Modified: Nov. 7, 2023
Error type identifier: CWE-617

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
openldapsisyphus2.4.59-alt12.6.7-alt2ALT-PU-2021-2530-1282933Fixed
openldapp102.4.59-alt12.4.59-alt1.p10.2ALT-PU-2021-2578-1282974Fixed
openldapp92.4.59-alt0.p9.12.4.59-alt0.p9.1ALT-PU-2021-2680-1281540Fixed
openldapc10f12.4.59-alt12.4.59-alt1.p10.2ALT-PU-2021-2578-1282974Fixed
openldapc9f22.4.59-alt0.c9.12.4.59-alt0.c9.2ALT-PU-2021-2585-1283266Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0
  • Patch
  • Vendor Advisory
https://bugs.openldap.org/show_bug.cgi?id=9454
  • Exploit
  • Issue Tracking
  • Vendor Advisory
https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30
  • Patch
  • Vendor Advisory
[debian-lts-announce] 20210220 [SECURITY] [DLA 2574-1] openldap security update
  • Mailing List
  • Third Party Advisory
DSA-4860
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20210319-0005/
  • Third Party Advisory
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
    [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8

        1. Configuration 1

          cpe:2.3:a:openldap:openldap:2.5.1:alpha:*:*:*:*:*:*
          cpe:2.3:a:openldap:openldap:2.5.0:alpha:*:*:*:*:*:*
          cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*
          End including
          2.4.57

          Configuration 2

          cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
          cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.1
      Back to top