{"id":"CVE-2020-35518","details":"When binding against a DN during authentication, the reply from 389-ds-base differs depending on whether the DN exists. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.","modified":"2026-04-10T08:38:24.771712Z","published":"2021-03-26T17:15:12.280Z","related":["SUSE-SU-2021:0724-1","openSUSE-SU-2021:0418-1"],"references":[{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905565"},{"type":"FIX","url":"https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32"},{"type":"FIX","url":"https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc"},{"type":"FIX","url":"https://github.com/389ds/389-ds-base/issues/4480"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/389ds/389-ds-base","events":[{"introduced":"0"},{"fixed":"bef0b5bed0f6f32557a862debf25c5dc9d001256"},{"introduced":"5fc54f4343fca0511f24af29915365a1988a841d"},{"fixed":"6841d693fcec1636cc3ba7a9be58b4e1b276400a"},{"introduced":"cdaa81c5085c3188a5a8e19561cede093a3dd3fd"},{"fixed":"a355b30b213432b7e53035f46ec70c502aadfb36"},{"fixed":"b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32"},{"fixed":"cc0f69283abc082488824702dae485b8eae938bc"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.4.3.19"},{"introduced":"1.4.4.0"},{"fixed":"1.4.4.13"},{"introduced":"2.0.0"},{"fixed":"2.0.3"}]}}],"versions":["389-ds-base-1.2.10.a1","389-ds-base-1.2.10.a2","389-ds-base-1.2.10.a3","389-ds-base-1.2.10.a4","389-ds-base-1.2.10.a5","389-ds-base-1.2.10.a6","389-ds-base-1.2.10.a7","389-ds-base-1.2.10.a8","389-ds-base-1.2.10.rc1","389-ds-base-1.2.11.a1","389-ds-base-1.2.3","389-ds-base-1.2.4","389-ds-base-1.2.5.a1","389-ds-base-1.2.5.rc1","389-ds-base-1.2.5.rc2","389-ds-base-1.2.5.rc3","389-ds-base-1.2.5.rc4","389-ds-base-1.2.6.a1","389-ds-base-1.2.6.a2","389-ds-base-1.2.6.a3","389-ds-base-1.2.6.a4","389-ds-base-1.2.6.rc1","389-ds-base-1.2.6.rc2","389-ds-
base-1.2.6.rc3","389-ds-base-1.2.7","389-ds-base-1.2.7.1","389-ds-base-1.2.7.2","389-ds-base-1.2.7.3","389-ds-base-1.2.7.4","389-ds-base-1.2.7.a1","389-ds-base-1.2.7.a2","389-ds-base-1.2.7.a3","389-ds-base-1.2.7.a4","389-ds-base-1.2.7.a5","389-ds-base-1.2.8.a1","389-ds-base-1.2.8.a2","389-ds-base-1.2.9.0","389-ds-base-1.2.9.1","389-ds-base-1.2.9.2","389-ds-base-1.2.9.3","389-ds-base-1.2.9.4","389-ds-base-1.2.9.5","389-ds-base-1.2.9.a1","389-ds-base-1.2.9.a2","389-ds-base-1.3.0.a1","389-ds-base-1.3.0.rc1","389-ds-base-1.3.5.0","389-ds-base-1.3.5.1","389-ds-base-1.3.5.10","389-ds-base-1.3.5.11","389-ds-base-1.3.5.12","389-ds-base-1.3.5.13","389-ds-base-1.3.5.2","389-ds-base-1.3.5.3","389-ds-base-1.3.5.4","389-ds-base-1.3.5.5","389-ds-base-1.3.5.6","389-ds-base-1.3.5.7","389-ds-base-1.3.5.8","389-ds-base-1.3.5.9","389-ds-base-1.3.6.0","389-ds-base-1.3.6.1","389-ds-base-1.3.6.2","389-ds-base-1.3.6.3","389-ds-base-1.3.6.4","389-ds-base-1.3.7.0","389-ds-base-1.3.7.2","389-ds-base-1.3.7.3","389-ds-base-1.3.7.4","389-ds-base-1.4.0.0","389-ds-base-1.4.0.1","389-ds-base-1.4.0.10","389-ds-base-1.4.0.11","389-ds-base-1.4.0.12","389-ds-base-1.4.0.13","389-ds-base-1.4.0.14","389-ds-base-1.4.0.15","389-ds-base-1.4.0.16","389-ds-base-1.4.0.17","389-ds-base-1.4.0.18","389-ds-base-1.4.0.19","389-ds-base-1.4.0.2","389-ds-base-1.4.0.20","389-ds-base-1.4.0.3","389-ds-base-1.4.0.4","389-ds-base-1.4.0.5","389-ds-base-1.4.0.6","389-ds-base-1.4.0.7","389-ds-base-1.4.0.8","389-ds-base-1.4.0.9","389-ds-base-1.4.1.0","389-ds-base-1.4.1.1","389-ds-base-1.4.1.2","389-ds-base-1.4.1.3","389-ds-base-1.4.1.4","389-ds-base-1.4.1.5","389-ds-base-1.4.1.6","389-ds-base-1.4.2.1","389-ds-base-1.4.2.2","389-ds-base-1.4.2.3","389-ds-base-1.4.2.4","389-ds-base-1.4.2.5","389-ds-base-1.4.3.1","389-ds-base-1.4.3.10","389-ds-base-1.4.3.11","389-ds-base-1.4.3.12","389-ds-base-1.4.3.13","389-ds-base-1.4.3.14","389-ds-base-1.4.3.15","389-ds-base-1.4.3.16","389-ds-base-1.4.3.17","389-ds-base-1.4.3.18","389-ds-base-1
.4.3.2","389-ds-base-1.4.3.3","389-ds-base-1.4.3.4","389-ds-base-1.4.3.5","389-ds-base-1.4.3.6","389-ds-base-1.4.3.7","389-ds-base-1.4.3.8","389-ds-base-1.4.3.9","389-ds-base-1.4.4.0","389-ds-base-1.4.4.1","389-ds-base-1.4.4.10","389-ds-base-1.4.4.11","389-ds-base-1.4.4.12","389-ds-base-1.4.4.2","389-ds-base-1.4.4.3","389-ds-base-1.4.4.4","389-ds-base-1.4.4.5","389-ds-base-1.4.4.7","389-ds-base-1.4.4.8","389-ds-base-1.4.4.9","389-ds-base-2.0.0","389-ds-base-2.0.0.0","389-ds-base-2.0.1","389-ds-base-2.0.2","Directory_Server_8_1_Candidate_20090324","FedoraDirSvr10","FedoraDirSvr110a1","FedoraDirSvr110a2","FedoraDirSvr110a3","FedoraDirSvr110a3_20070320","FedoraDirSvr110a4","FedoraDirSvr110a4_20070720","FedoraDirSvr110b1","FedoraDirSvr110b1_20070813","FedoraDirSvr110b1_20070816","FedoraDirSvr110b2","FedoraDirSvr110b2_20071107","FedoraDirSvr111","FedoraDirSvr111_20080530","FedoraDirSvr_1_1_2","FedoraDirSvr_1_1_2_20080904","FedoraDirSvr_1_1_2_RC","FedoraDirSvr_1_1_2_RC2","FedoraDirSvr_1_1_2_RC_20080828","FedoraDirSvr_1_1_3_20080923","FedoraDirSvr_20051103_RTC","before-merge-nunc-stans","ldapserver7x"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35518.json","vanir_signatures_modified":"2026-04-10T08:38:24Z","vanir_signatures":[{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["77052046725761742736191245757834080893","200062147893151783779674741567439343108","316338524811121582645806109786831299266","301003175346272026105771522178948211242"],"threshold":0.9},"source":"https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc","id":"CVE-2020-35518-436b57f3","signature_type":"Line","target":{"file":"ldap/servers/slapd/back-ldbm/ldbm_config.c"}},{"signature_version":"v1","deprec
ated":false,"digest":{"line_hashes":["156327268525253698363660899521115683274","335402869101960669245776613554960002091","48679503366445529733574487735975941163","55275383875053882883620881562959351365","97793999284390048575770039265417524602","93437357065529380144791841150808323560","334210813283020886431060458429448003454","295683751000731501741412729082515590555","200895548605128804941227070130969920888","114568757203904273824644200368920260210","283960780581346130140347495791233769035","154052428143839224908335269617999166533"],"threshold":0.9},"source":"https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32","id":"CVE-2020-35518-6668af7b","signature_type":"Line","target":{"file":"ldap/servers/slapd/dse.c"}},{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["231900200210085628883299799942067668579","293227023537761690832979670014535727304","529580841501224453670901892392782820","92938755121922726516016927907363779926","119176856061870748709409521201365395736"],"threshold":0.9},"source":"https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32","id":"CVE-2020-35518-6dbc738f","signature_type":"Line","target":{"file":"ldap/servers/slapd/back-ldbm/ldbm_bind.c"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"161568368649263161676050796206389097096","length":5728},"source":"https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc","id":"CVE-2020-35518-92c102ff","signature_type":"Function","target":{"file":"ldap/servers/slapd/result.c","function":"send_ldap_result_ext"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"121539299605689041318853093154430367139","length":2174},"source":"https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32","id":"CVE-2020-35518-ae816c87","signature_type":"Function","target":{"file":"ldap/servers/slapd/back-ldbm/ldbm_bind.c","function":"ldbm_back_bind"}},{"
signature_version":"v1","deprecated":false,"digest":{"line_hashes":["93023770981467552284335591659520590179","160087572227559021620709316116632204265","283721859586959455658915352025728779039","189889751970639446926761919471682374906"],"threshold":0.9},"source":"https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc","id":"CVE-2020-35518-b1b7e320","signature_type":"Line","target":{"file":"ldap/servers/slapd/result.c"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"156790754977640553600549957926651256104","length":1488},"source":"https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32","id":"CVE-2020-35518-f7fbbd76","signature_type":"Function","target":{"file":"ldap/servers/slapd/dse.c","function":"dse_bind"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}