# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2022-24668 | | | DoS | 2022-02-09 | 2022-02-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. This was left behind from the original development process and was never removed. Sending an ALTSVC or ORIGIN frame does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send one of these frames. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send these frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself. This is a controlled, intentional crash. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. |
2 | CVE-2022-24667 | 190 | | DoS Overflow | 2022-02-09 | 2022-02-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of HPACK-encoded header blocks that allow maliciously crafted HPACK header blocks to cause crashes in processes using swift-nio-http2. Each of these crashes is triggered instead of an integer overflow. A malicious HPACK header block could be sent on any of the HPACK-carrying frames in a HTTP/2 connection (HEADERS and PUSH_PROMISE), at any position. Sending a HPACK header block does not require any special permission, so any HTTP/2 connection peer may send one. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted field block. The impact on availability is high: receiving a frame carrying this field block immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted field blocks, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the field block in memory-safe code and the crash is triggered instead of an integer overflow. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. 
The issue is fixed by rewriting the parsing code to correctly handle all conditions in the function. The principal issue was found by automated fuzzing by oss-fuzz, but several associated bugs in the same code were found by code audit and fixed at the same time. |
3 | CVE-2022-24666 | | | DoS | 2022-02-09 | 2022-02-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS frame where the frame contains priority information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame with HTTP/2 priority information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. |
4 | CVE-2022-22653 | 20 | | | 2022-03-18 | 2022-03-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices. |
5 | CVE-2022-22643 | | | | 2022-03-18 | 2022-03-24 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. |
6 | CVE-2022-22627 | 787 | | | 2022-03-18 | 2022-03-26 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
7 | CVE-2022-22626 | 125 | | | 2022-03-18 | 2022-03-28 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
8 | CVE-2022-22625 | 125 | | | 2022-03-18 | 2022-03-28 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
9 | CVE-2022-22609 | | | | 2022-03-18 | 2022-03-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings. |
10 | CVE-2022-22585 | 59 | | | 2022-03-18 | 2022-03-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files. |
11 | CVE-2021-30995 | 362 | | | 2021-08-24 | 2022-02-21 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to elevate privileges. |
12 | CVE-2021-30984 | 362 | | Exec Code | 2021-08-24 | 2022-02-19 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
13 | CVE-2021-30966 | 668 | | | 2021-08-24 | 2021-12-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations. |
14 | CVE-2021-30930 | | | | 2021-08-24 | 2021-12-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. An attacker may be able to track users through their IP address. |
15 | CVE-2021-30904 | 662 | | | 2021-08-24 | 2021-12-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage. |
16 | CVE-2021-30882 | | | | 2021-08-24 | 2021-11-01 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
A logic issue was addressed with improved validation. This issue is fixed in watchOS 8, iOS 15 and iPadOS 15. An application with microphone permission may unexpectedly access microphone input during a FaceTime call. |
17 | CVE-2021-30880 | 125 | | | 2021-08-24 | 2021-11-01 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
18 | CVE-2021-30879 | 125 | | | 2021-08-24 | 2021-11-01 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
19 | CVE-2021-30877 | 125 | | | 2021-08-24 | 2021-11-01 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
20 | CVE-2021-30876 | 125 | | | 2021-08-24 | 2021-11-01 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
21 | CVE-2021-30874 | 862 | | | 2021-08-24 | 2021-11-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission. |
22 | CVE-2021-30864 | | | | 2021-08-24 | 2022-02-11 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A sandboxed process may be able to circumvent sandbox restrictions. |
23 | CVE-2021-30856 | 863 | | Bypass | 2021-08-24 | 2022-03-25 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
This issue was addressed by adding a new Remote Login option for opting into Full Disk Access for Secure Shell sessions. This issue is fixed in macOS Big Sur 11.3. A malicious unsandboxed app on a system with Remote Login enabled may bypass Privacy preferences. |
24 | CVE-2021-30854 | | | | 2021-08-24 | 2021-11-01 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
A logic issue was addressed with improved state management. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A sandboxed process may be able to circumvent sandbox restrictions. |
25 | CVE-2021-30844 | 401 | | | 2021-10-19 | 2022-05-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory. |
26 | CVE-2021-30826 | | | | 2021-10-19 | 2022-03-25 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection. |
27 | CVE-2021-30800 | | | DoS Exec Code | 2021-09-08 | 2021-09-21 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution. |
28 | CVE-2021-30788 | | | | 2021-09-08 | 2021-09-15 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. |
29 | CVE-2021-30786 | 362 | | Exec Code | 2021-09-08 | 2021-09-21 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. |
30 | CVE-2021-30741 | 416 | | | 2021-09-08 | 2021-09-14 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. |
31 | CVE-2021-30729 | | | | 2021-09-08 | 2021-09-14 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results. |
32 | CVE-2021-30720 | 287 | | | 2021-09-08 | 2021-09-22 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. |
33 | CVE-2021-30715 | | | DoS | 2021-09-08 | 2021-09-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service. |
34 | CVE-2021-30710 | 787 | | DoS Mem. Corr. | 2021-09-08 | 2021-09-16 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents. |
35 | CVE-2021-30698 | 476 | | DoS | 2021-09-08 | 2021-09-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service. |
36 | CVE-2021-22946 | 319 | | Bypass | 2021-09-29 | 2022-05-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. |
37 | CVE-2021-22945 | 415 | | | 2021-09-23 | 2022-04-15 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. |
38 | CVE-2021-22925 | 908 | | | 2021-08-05 | 2022-05-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application. |
39 | CVE-2021-4166 | 125 | | | 2021-12-25 | 2022-05-17 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
vim is vulnerable to Out-of-bounds Read |
40 | CVE-2021-1849 | 347 | | Bypass | 2021-09-08 | 2021-09-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to bypass Privacy preferences. |
41 | CVE-2021-1809 | 125 | | Mem. Corr. | 2021-09-08 | 2021-09-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory. |
42 | CVE-2021-1808 | 125 | | Mem. Corr. | 2021-09-08 | 2021-09-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory. |
43 | CVE-2021-1784 | 732 | | | 2021-09-08 | 2021-09-16 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system. |
44 | CVE-2021-1764 | 416 | | DoS | 2021-04-02 | 2021-04-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. |
45 | CVE-2021-1761 | | | DoS | 2021-04-02 | 2021-04-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. |
46 | CVE-2020-36230 | 617 | | DoS | 2021-01-26 | 2022-04-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. |
47 | CVE-2020-36229 | 843 | | DoS | 2021-01-26 | 2022-04-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. |
48 | CVE-2020-36228 | 191 | | DoS | 2021-01-26 | 2022-04-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. |
49 | CVE-2020-36227 | 835 | | DoS | 2021-01-26 | 2022-04-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. |
50 | CVE-2020-36226 | | | DoS | 2021-01-26 | 2022-04-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. |