{"id":"CLSA-2026-1777310722","summary":"openldap: Fix of 15 CVEs","details":"- CVE-2019-13565: SASL session encryption SSF not reset on new connection, allowing downgrade\n- CVE-2020-12243: slapd crash via deeply nested LDAP search filter boolean expressions\n- CVE-2020-25692: NULL pointer dereference in slapd during modRDN request\n- CVE-2020-25709: slapd assertion failure via crafted certificate list validation\n- CVE-2020-25710: slapd assertion failure in obsolete csnNormalize23\n- CVE-2020-36221: slapd integer underflow crash in Certificate Exact Assertion processing\n- CVE-2020-36222: slapd assertion failure in saslAuthzTo validation\n- CVE-2020-36223: slapd double free crash in Values Return Filter control handling\n- CVE-2020-36224: slapd invalid pointer free and crash in saslAuthzTo processing\n- CVE-2020-36225: slapd double free crash in saslAuthzTo processing\n- CVE-2020-36226: slapd memch-\u003ebv_len miscalculation and crash in saslAuthzTo processing\n- CVE-2020-36227: slapd infinite loop via cancel_extop Cancel operation\n- CVE-2020-36228: slapd integer underflow crash in Certificate List Exact Assertion processing\n- CVE-2020-36229: slapd crash in X.509 DN parsing ad_keystring via ldap_X509dn2bv\n- CVE-2020-36230: slapd assertion failure in X.509 DN parsing ber_next_element in decode.c","modified":"2026-05-27T11:18:31.677422695Z","published":"2026-04-27T17:25:27Z","upstream":["CVE-2019-13565","CVE-2020-12243","CVE-2020-25692","CVE-2020-25709","CVE-2020-25710","CVE-2020-36221","CVE-2020-36222","CVE-2020-36223","CVE-2020-36224","CVE-2020-36225","CVE-2020-36226","CVE-2020-36227","CVE-2020-36228","CVE-2020-36229","CVE-2020-36230"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/centos8.5els/CLSA-2026-1777310722.html"}],"affected":[{"package":{"name":"openldap","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/openldap?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.46-18.el8.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1777310722.json"}},{"package":{"name":"openldap-clients","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/openldap-clients?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.46-18.el8.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1777310722.json"}},{"package":{"name":"openldap-devel","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/openldap-devel?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.46-18.el8.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1777310722.json"}},{"package":{"name":"openldap-servers","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/openldap-servers?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.46-18.el8.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1777310722.json"}}],"schema_version":"1.7.5"}