CVE-2020-36229

7.5 HIGH

📋 TL;DR

This vulnerability in OpenLDAP's X.509 DN parsing can cause the slapd daemon to crash when processing specially crafted certificates, leading to denial of service. It affects OpenLDAP servers using X.509 certificate authentication. The flaw is triggered during DN parsing in the ad_keystring function.

💻 Affected Systems

Products:
  • OpenLDAP
Versions: All versions before 2.4.57
Operating Systems: All operating systems running vulnerable OpenLDAP versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects configurations using X.509 certificate authentication. Standard LDAP authentication without certificates is not affected.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote unauthenticated attackers could crash the OpenLDAP slapd service, causing a complete LDAP service outage and disrupting the authentication and authorization systems that depend on it.

🟠

Likely Case

Denial of service through a slapd crash, requiring a service restart to restore LDAP functionality.

🟢

If Mitigated

Minimal impact if proper network segmentation and certificate validation controls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted X.509 certificates to the OpenLDAP server. The vulnerability is in parsing logic, making reliable exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenLDAP 2.4.57 and later

Vendor Advisory: https://bugs.openldap.org/show_bug.cgi?id=9425

Restart Required: Yes

Instructions:

1. Download OpenLDAP 2.4.57 or later from openldap.org.
2. Stop the slapd service.
3. Install the updated version.
4. Restart the slapd service.

🔧 Temporary Workarounds

Disable X.509 certificate authentication

Platform: all

Temporarily disable X.509 certificate authentication if it is not required.

Edit the slapd.conf or slapd.d configuration to remove the TLSVerifyClient settings or set them to 'never'.

Network filtering

Platform: all

Block or filter incoming X.509 certificate traffic at the network perimeter.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to OpenLDAP servers
  • Deploy WAF or IPS with rules to detect and block malicious certificate patterns

🔍 How to Verify

Check if Vulnerable:

Check the OpenLDAP version:

slapd -VV 2>&1 | grep -i 'openldap'

Verify Fix Applied:

Verify that the version is 2.4.57 or later and test with valid X.509 certificates.
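The version check above is easy to do by eye on one host but tedious across a fleet. The following POSIX shell script is an added example (not part of this advisory or of the OpenLDAP project) that parses the banner printed by `slapd -VV` and reports whether the build is below the fixed version 2.4.57. It assumes the banner has the form `@(#) $OpenLDAP: slapd 2.4.49 (...) $`; some distribution builds omit the version number from the banner, and the script reports those as UNKNOWN rather than guessing. The two sample banners are constructed so that the script runs offline.

```shell
#!/bin/sh
# Added example, not the advisory's own code: classify a slapd build as
# VULNERABLE (before 2.4.57) or FIXED from the `slapd -VV` banner.
# On a real host: slapd -VV 2>&1 | openldap_version_from_banner

# Extract "major.minor.patch" from a banner line such as
# "@(#) $OpenLDAP: slapd 2.4.49 (Jan 30 2020 17:58:13) $".
# Prints nothing if the banner carries no version (some distro builds).
openldap_version_from_banner() {
    sed -n 's/.*\$OpenLDAP: slapd *\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Compare two dotted versions component by component; prints lt, eq or gt.
version_cmp() {
    a1=$(echo "$1" | cut -d. -f1); a2=$(echo "$1" | cut -d. -f2); a3=$(echo "$1" | cut -d. -f3)
    b1=$(echo "$2" | cut -d. -f1); b2=$(echo "$2" | cut -d. -f2); b3=$(echo "$2" | cut -d. -f3)
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3"; do
        x=${pair%%:*}; y=${pair##*:}
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo lt; return; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo gt; return; fi
    done
    echo eq
}

# Exit status 0 when the version is before the fixed release 2.4.57.
openldap_is_vulnerable() {
    [ "$(version_cmp "$1" 2.4.57)" = lt ]
}

# Classify one banner line: prints "VULNERABLE <ver>", "FIXED <ver>" or "UNKNOWN".
check_banner() {
    v=$(printf '%s\n' "$1" | openldap_version_from_banner)
    if [ -z "$v" ]; then echo "UNKNOWN"; return; fi
    if openldap_is_vulnerable "$v"; then echo "VULNERABLE $v"; else echo "FIXED $v"; fi
}

# Constructed sample banners standing in for `slapd -VV` output on two hosts.
SAMPLE_OLD='@(#) $OpenLDAP: slapd 2.4.49 (Jan 30 2020 17:58:13) $'
SAMPLE_NEW='@(#) $OpenLDAP: slapd 2.4.57 (Jan 18 2021 14:34:08) $'

check_banner "$SAMPLE_OLD"
check_banner "$SAMPLE_NEW"
```

An UNKNOWN result means the banner did not expose a version; fall back to the package manager (for example `dpkg -s slapd` or `rpm -q openldap-servers`) and check the distribution's own advisory for the backported fix, since package versions below 2.4.57 may still contain it. Remember also that, per the Notes above, a host is only exposed when client certificate authentication (TLSVerifyClient) is enabled.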

📡 Detection & Monitoring

Log Indicators:

  • slapd crash logs
  • segmentation fault errors in system logs
  • unexpected slapd restarts

Network Indicators:

  • Unusual X.509 certificate traffic to LDAP ports
  • Multiple connection attempts with malformed certificates

SIEM Query:

source="*slapd*" AND ("segmentation fault" OR "crash" OR "abort")
