CVE-2020-35518

Source
https://cve.org/CVERecord?id=CVE-2020-35518
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35518.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-35518
Published
2021-03-26T17:15:12.280Z
Modified
2026-02-20T16:40:52.315707Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

When binding against a DN during authentication, the reply from 389-ds-base differs depending on whether the DN exists. An unauthenticated attacker can use this difference to check whether an entry exists in the LDAP database.

Affected packages

Git / github.com/389ds/389-ds-base

Affected ranges

Type
GIT
Repo
https://github.com/389ds/389-ds-base
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Introduced
Fixed

Affected versions

389-ds-base-1.*
389-ds-base-1.4.4.0
389-ds-base-1.4.4.1
389-ds-base-1.4.4.10
389-ds-base-1.4.4.11
389-ds-base-1.4.4.12
389-ds-base-1.4.4.2
389-ds-base-1.4.4.3
389-ds-base-1.4.4.4
389-ds-base-1.4.4.5
389-ds-base-1.4.4.7
389-ds-base-1.4.4.8
389-ds-base-1.4.4.9
389-ds-base-1.4.5.0
389-ds-base-2.*
389-ds-base-2.0.0
389-ds-base-2.0.0.0
389-ds-base-2.0.1
389-ds-base-2.0.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35518.json"
vanir_signatures
[
    {
        "target": {
            "file": "ldap/servers/slapd/back-ldbm/ldbm_config.c"
        },
        "digest": {
            "line_hashes": [
                "77052046725761742736191245757834080893",
                "200062147893151783779674741567439343108",
                "316338524811121582645806109786831299266",
                "301003175346272026105771522178948211242"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2020-35518-436b57f3",
        "source": "https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "ldap/servers/slapd/dse.c"
        },
        "digest": {
            "line_hashes": [
                "156327268525253698363660899521115683274",
                "335402869101960669245776613554960002091",
                "48679503366445529733574487735975941163",
                "55275383875053882883620881562959351365",
                "97793999284390048575770039265417524602",
                "93437357065529380144791841150808323560",
                "334210813283020886431060458429448003454",
                "295683751000731501741412729082515590555",
                "200895548605128804941227070130969920888",
                "114568757203904273824644200368920260210",
                "283960780581346130140347495791233769035",
                "154052428143839224908335269617999166533"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2020-35518-6668af7b",
        "source": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "ldap/servers/slapd/back-ldbm/ldbm_bind.c"
        },
        "digest": {
            "line_hashes": [
                "231900200210085628883299799942067668579",
                "293227023537761690832979670014535727304",
                "529580841501224453670901892392782820",
                "92938755121922726516016927907363779926",
                "119176856061870748709409521201365395736"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2020-35518-6dbc738f",
        "source": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "ldap/servers/slapd/result.c",
            "function": "send_ldap_result_ext"
        },
        "digest": {
            "length": 5728.0,
            "function_hash": "161568368649263161676050796206389097096"
        },
        "signature_type": "Function",
        "id": "CVE-2020-35518-92c102ff",
        "source": "https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "ldap/servers/slapd/back-ldbm/ldbm_bind.c",
            "function": "ldbm_back_bind"
        },
        "digest": {
            "length": 2174.0,
            "function_hash": "121539299605689041318853093154430367139"
        },
        "signature_type": "Function",
        "id": "CVE-2020-35518-ae816c87",
        "source": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "ldap/servers/slapd/result.c"
        },
        "digest": {
            "line_hashes": [
                "93023770981467552284335591659520590179",
                "160087572227559021620709316116632204265",
                "283721859586959455658915352025728779039",
                "189889751970639446926761919471682374906"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2020-35518-b1b7e320",
        "source": "https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "ldap/servers/slapd/dse.c",
            "function": "dse_bind"
        },
        "digest": {
            "length": 1488.0,
            "function_hash": "156790754977640553600549957926651256104"
        },
        "signature_type": "Function",
        "id": "CVE-2020-35518-f7fbbd76",
        "source": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32",
        "deprecated": false,
        "signature_version": "v1"
    }
]