ALAS2-2020-1539

Affecting openldap package, versions <2.4.44-22.amzn2

medium severity

Overview

Affected versions of this package are covered by advisory ALAS2-2020-1539. Package updates are available for Amazon Linux 2 that fix the following vulnerability:

CVE-2020-12243: In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

1833535: CVE-2020-12243 openldap: denial of service via nested boolean expressions in LDAP search filters

Remediation

Upgrade openldap to version 2.4.44-22.amzn2 or higher.
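
One way to check an inventory of hosts against this fix, as an added example that is not part of the advisory: it compares installed openldap builds with 2.4.44-22.amzn2 (the boundary of the affected range stated above) using rpm's segment-wise version ordering, because a plain string comparison would rank 2.4.44-9 above 2.4.44-22. The host names and installed versions are constructed.

```python
import re
from itertools import zip_longest

FIXED = "2.4.44-22.amzn2"  # boundary of the affected range in this advisory

def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm orders them
    (digit runs numerically, letter runs lexically, '~' sorts lowest).
    Simplification: the '^' operator of newer rpm is not handled."""
    ta = re.findall(r"[0-9]+|[A-Za-z]+|~", a)
    tb = re.findall(r"[0-9]+|[A-Za-z]+|~", b)
    for x, y in zip_longest(ta, tb):
        if x == y:
            continue
        if x == "~" or y == "~":
            return -1 if x == "~" else 1
        if x is None or y is None:
            return -1 if x is None else 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
            continue  # same number, different zero padding
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alpha
        return 1 if x > y else -1
    return 0

def parse_evr(evr):
    """Split '[epoch:]version-release'; a missing or '(none)' epoch is 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return (epoch if epoch.isdigit() else "0", version, release)

def is_fixed(installed, fixed=FIXED):
    """True when the installed build is at or above the fixed build."""
    for mine, theirs in zip(parse_evr(installed), parse_evr(fixed)):
        order = rpmvercmp(mine, theirs)
        if order:
            return order > 0
    return True

if __name__ == "__main__":
    # Constructed inventory (host -> output of
    # rpm -q --qf '%{VERSION}-%{RELEASE}' openldap); not real hosts.
    inventory = {"web-1": "2.4.44-9.amzn2", "web-2": "2.4.44-22.amzn2.0.1"}
    for host, evr in inventory.items():
        print(host, evr, "fixed" if is_fixed(evr) else "VULNERABLE: upgrade")
```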

References

CVE: ALAS2-2020-1539
Snyk ID: SNYK-AMZN2-OPENLDAP-1022821
Published: 28 Oct, 2020