{"id":"CLSA-2025-1758645818","summary":"openldap: Fix of 14 CVEs","details":"- Rebase to 2.4.58 to fix the following vulnerabilities:\n- CVE-2020-12243: fix denial of service caused by LDAP search filters with nested\n  boolean expressions\n- CVE-2020-36221: fix integer underflow in the Certificate Exact Assertion processing\n- CVE-2020-36223: fix slapd crash in the Values Return Filter control handling\n- CVE-2020-36226: fix slapd crash in the saslAuthzTo processing\n- CVE-2020-36228: fix slapd crash in the Certificate List Exact Assertion processing\n- CVE-2020-36225: fix double free and slapd crash in the saslAuthzTo processing\n- CVE-2020-36227: fix infinite loop in slapd with the cancel_extop Cancel operation\n- CVE-2020-36230: fix assertion failure in slapd in the X.509 DN parsing in decode.c\n- CVE-2020-25692: fix NULL pointer dereference during a request for renaming RDNs\n- CVE-2020-25709: fix assertion failure caused by processing malicious packet\n- CVE-2020-36224: fix invalid pointer free and slapd crash in the saslAuthzTo\n  processing\n- CVE-2020-36229: fix slapd crash in the X.509 DN parsing in ad_keystring\n- CVE-2020-25710: fix failed assertion in csnNormalize23()\n- CVE-2020-36222: fix assertion failure in slapd in the saslAuthzTo validation","modified":"2026-05-27T11:34:22.400201140Z","published":"2026-04-23T20:31:57Z","upstream":["CVE-2020-12243","CVE-2020-25692","CVE-2020-25709","CVE-2020-25710","CVE-2020-36221","CVE-2020-36222","CVE-2020-36223","CVE-2020-36224","CVE-2020-36225","CVE-2020-36226","CVE-2020-36227","CVE-2020-36228","CVE-2020-36229","CVE-2020-36230"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/centos6els/CLSA-2025-1758645818.html"}],"affected":[{"package":{"name":"openldap","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/openldap?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.58-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2025-1758645818.json"}},{"package":{"name":"openldap-clients","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/openldap-clients?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.58-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2025-1758645818.json"}},{"package":{"name":"openldap-devel","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/openldap-devel?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.58-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2025-1758645818.json"}},{"package":{"name":"openldap-servers","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/openldap-servers?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.58-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2025-1758645818.json"}},{"package":{"name":"openldap-servers-sql","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/openldap-servers-sql?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.58-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2025-1758645818.json"}}],"schema_version":"1.7.5"}