• CVE-2024-34750

    OL CVE Issue Summary:

    Improper Handling of Exceptional Conditions and Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to miscounting active HTTP/2 streams, which in turn led to the use of an incorrect infinite timeout, allowing connections to remain open that should have been closed.

    CVE-2024-34750
    Tomcat
    8.5.104-OL
    7.5

  • CVE-2024-25062

    OL CVE Issue Summary:

    When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to `heap-use-after-free`.
     

    CVE-2024-25062
    CentOS 8
    libxml2-2.9.7-9_ol007.el8.2
    7.5

  • CVE-2020-36225

    OL CVE Issue Summary:

    A flaw was discovered in OpenLDAP before 2.4.57 leading to integer underflow in slapd in the `serialNumberAndIssuerCheck` and`serialNumberAndIssuerSerialCheck` functions in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to assertion failures in slapd in the `authzPrettyNormal` function in `saslauthz.c`,resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_free_ctrls` function in `controls.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to invalid pointer access in slapd in the `authzPrettyNormal` function in `saslauthz.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free in slapd in the `dnPretty` function in `dn.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_parse_user` function in `saslauthz.c`, resulting in denial of service.

     A flaw was discovered in OpenLDAP before 2.4.57 leading to an integer underflow in slapd in the `certificateListExactNormalize` function in`schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `issuerAndThisUpdateCheck` function in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a segmentation fault in slapd in the `slap_bv2undef_ad` function in `ad.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in `decode.c` `ber_next_element`,resulting in denial of service.

    CVE-2020-36225
    CentOS 7
    openldap-2.4.44-25_ol001.el7_9
    7.5

  • CVE-2020-36223

    OL CVE Issue Summary:

    A flaw was discovered in OpenLDAP before 2.4.57 leading to integer underflow in slapd in the `serialNumberAndIssuerCheck` and`serialNumberAndIssuerSerialCheck` functions in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to assertion failures in slapd in the `authzPrettyNormal` function in `saslauthz.c`,resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_free_ctrls` function in `controls.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to invalid pointer access in slapd in the `authzPrettyNormal` function in `saslauthz.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free in slapd in the `dnPretty` function in `dn.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_parse_user` function in `saslauthz.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an integer underflow in slapd in the `certificateListExactNormalize` function in`schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `issuerAndThisUpdateCheck` function in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a segmentation fault in slapd in the `slap_bv2undef_ad` function in `ad.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in `decode.c` `ber_next_element`,resulting in denial of service.

    CVE-2020-36223
    CentOS 7
    openldap-2.4.44-25_ol001.el7_9

  • CVE-2020-36224

    OL CVE Issue Summary:

    A flaw was discovered in OpenLDAP before 2.4.57 leading to integer underflow in slapd in the `serialNumberAndIssuerCheck` and`serialNumberAndIssuerSerialCheck` functions in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to assertion failures in slapd in the `authzPrettyNormal` function in `saslauthz.c`,resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_free_ctrls` function in `controls.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to invalid pointer access in slapd in the `authzPrettyNormal` function in `saslauthz.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free in slapd in the `dnPretty` function in `dn.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_parse_user` function in `saslauthz.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an integer underflow in slapd in the `certificateListExactNormalize` function in`schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `issuerAndThisUpdateCheck` function in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a segmentation fault in slapd in the `slap_bv2undef_ad` function in `ad.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in `decode.c` `ber_next_element`,resulting in denial of service.

    CVE-2020-36224
    CentOS 7
    openldap-2.4.44-25_ol001.el7_9
    7.5

  • CVE-2020-36227

    OL CVE Issue Summary:

    A flaw was discovered in OpenLDAP before 2.4.57 leading to integer underflow in slapd in the `serialNumberAndIssuerCheck` and`serialNumberAndIssuerSerialCheck` functions in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to assertion failures in slapd in the `authzPrettyNormal` function in `saslauthz.c`,resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_free_ctrls` function in `controls.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to invalid pointer access in slapd in the `authzPrettyNormal` function in `saslauthz.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free in slapd in the `dnPretty` function in `dn.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_parse_user` function in `saslauthz.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an integer underflow in slapd in the `certificateListExactNormalize` function in`schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `issuerAndThisUpdateCheck` function in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a segmentation fault in slapd in the `slap_bv2undef_ad` function in `ad.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in `decode.c` `ber_next_element`,resulting in denial of service.

    CVE-2020-36227
    CentOS 7
    openldap-2.4.44-25_ol001.el7_9
    7.5

  • CVE-2020-36228

    OL CVE Issue Summary:

    A flaw was discovered in OpenLDAP before 2.4.57 leading to integer underflow in slapd in the `serialNumberAndIssuerCheck` and`serialNumberAndIssuerSerialCheck` functions in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to assertion failures in slapd in the `authzPrettyNormal` function in `saslauthz.c`,resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_free_ctrls` function in `controls.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to invalid pointer access in slapd in the `authzPrettyNormal` function in `saslauthz.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free in slapd in the `dnPretty` function in `dn.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_parse_user` function in `saslauthz.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an integer underflow in slapd in the `certificateListExactNormalize` function in`schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `issuerAndThisUpdateCheck` function in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a segmentation fault in slapd in the `slap_bv2undef_ad` function in `ad.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in `decode.c` `ber_next_element`,resulting in denial of service.

    CVE-2020-36228
    CentOS 7
    7.5

  • CVE-2020-36229

    OL CVE Issue Summary:

    A flaw was discovered in OpenLDAP before 2.4.57 leading to integer underflow in slapd in the `serialNumberAndIssuerCheck` and`serialNumberAndIssuerSerialCheck` functions in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to assertion failures in slapd in the `authzPrettyNormal` function in `saslauthz.c`,resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_free_ctrls` function in `controls.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to invalid pointer access in slapd in the `authzPrettyNormal` function in `saslauthz.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free in slapd in the `dnPretty` function in `dn.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_parse_user` function in `saslauthz.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an integer underflow in slapd in the `certificateListExactNormalize` function in`schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `issuerAndThisUpdateCheck` function in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a segmentation fault in slapd in the `slap_bv2undef_ad` function in `ad.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in `decode.c` `ber_next_element`,resulting in denial of service.

    CVE-2020-36229
    CentOS 7
    openldap-2.4.44-25_ol001.el7_9
    7.5

  • CVE-2020-36226

    OL CVE Issue Summary:

    A flaw was discovered in OpenLDAP before 2.4.57 leading to integer underflow in slapd in the `serialNumberAndIssuerCheck` and`serialNumberAndIssuerSerialCheck` functions in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to assertion failures in slapd in the `authzPrettyNormal` function in `saslauthz.c`,resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_free_ctrls` function in `controls.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to invalid pointer access in slapd in the `authzPrettyNormal` function in `saslauthz.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free in slapd in the `dnPretty` function in `dn.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `slap_parse_user` function in `saslauthz.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an integer underflow in slapd in the `certificateListExactNormalize` function in`schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the `issuerAndThisUpdateCheck` function in `schema_init.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a segmentation fault in slapd in the `slap_bv2undef_ad` function in `ad.c`, resulting in denial of service.

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in `decode.c` `ber_next_element`, resulting in denial of service.

    CVE-2020-36226
    CentOS 7
    openldap-2.4.44-25_ol001.el7_9
    7.5