CVE-2020-15719

Medium

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125…

mitre·CWE-295·Published 2020-07-14

CVSS

4.2

EPSS

0.02

KEV

Exploits

cve.orgen

296 chars

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.

NVDen

296 chars

NVDes

339 chars

libldap en determinados paquetes OpenLDAP de terceros presenta un fallo de comprobación de certificados cuando el paquete de terceros está afirmando que admite RFC6125. Considera CN incluso cuando se presenta un subjectAltName (SAN) no coincidente. Esto es corregido, por ejemplo, en la versión openldap-2.4.46-10.el8 en Red Hat Enterprise

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	4.9	4.9	AV:N/AC:H/Au:N/C:P/I:P/A:N
3.1	Primary	NVD	4.2	1.6	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N