CVE-2020-36224

A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

Weakness

The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

Affected Software

Extended Description

This weakness can take several forms, such as:

Potential Mitigations

• Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
• For example, glibc in Linux provides protection against free of invalid pointers.

References

• http://seclists.org/fulldisclosure/2021/May/64
• http://seclists.org/fulldisclosure/2021/May/65
• http://seclists.org/fulldisclosure/2021/May/70
• https://bugs.openldap.org/show_bug.cgi?id=9409
• https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
• https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
• https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
• https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
• https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
• https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
• https://security.netapp.com/advisory/ntap-20210226-0002/
• https://support.apple.com/kb/HT212529
• https://support.apple.com/kb/HT212530
• https://support.apple.com/kb/HT212531
• https://www.debian.org/security/2021/dsa-4845