CVE-2020-35518

Source
https://cve.org/CVERecord?id=CVE-2020-35518
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35518.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-35518
Published
2021-03-26T17:15:12.280Z
Modified
2026-03-15T22:36:20.522937Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

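When a client binds against a DN during authentication, the reply from 389-ds-base differs depending on whether the DN exists. An unauthenticated attacker can use this difference to check whether an entry exists in the LDAP database. The exposure is limited to entry existence: the CVSS vector above rates confidentiality impact as Low, with no integrity or availability impact. The affected ranges below list 1.4.3.19, 1.4.4.13 and 2.0.3 as the fixed versions.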

References

Affected packages

Git / github.com/389ds/389-ds-base

Affected ranges

Type
GIT
Repo
https://github.com/389ds/389-ds-base
Events
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.3.19"
        },
        {
            "introduced": "1.4.4.0"
        },
        {
            "fixed": "1.4.4.13"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.3"
        }
    ]
}

Affected versions

389-ds-base-1.*
389-ds-base-1.4.4.0
389-ds-base-1.4.4.1
389-ds-base-1.4.4.10
389-ds-base-1.4.4.11
389-ds-base-1.4.4.12
389-ds-base-1.4.4.2
389-ds-base-1.4.4.3
389-ds-base-1.4.4.4
389-ds-base-1.4.4.5
389-ds-base-1.4.4.7
389-ds-base-1.4.4.8
389-ds-base-1.4.4.9
389-ds-base-1.4.5.0
389-ds-base-2.*
389-ds-base-2.0.0
389-ds-base-2.0.0.0
389-ds-base-2.0.1
389-ds-base-2.0.2

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    }
]
vanir_signatures
[
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "ldap/servers/slapd/back-ldbm/ldbm_config.c"
        },
        "id": "CVE-2020-35518-436b57f3",
        "deprecated": false,
        "source": "https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc",
        "digest": {
            "line_hashes": [
                "77052046725761742736191245757834080893",
                "200062147893151783779674741567439343108",
                "316338524811121582645806109786831299266",
                "301003175346272026105771522178948211242"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "ldap/servers/slapd/dse.c"
        },
        "id": "CVE-2020-35518-6668af7b",
        "deprecated": false,
        "source": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32",
        "digest": {
            "line_hashes": [
                "156327268525253698363660899521115683274",
                "335402869101960669245776613554960002091",
                "48679503366445529733574487735975941163",
                "55275383875053882883620881562959351365",
                "97793999284390048575770039265417524602",
                "93437357065529380144791841150808323560",
                "334210813283020886431060458429448003454",
                "295683751000731501741412729082515590555",
                "200895548605128804941227070130969920888",
                "114568757203904273824644200368920260210",
                "283960780581346130140347495791233769035",
                "154052428143839224908335269617999166533"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "ldap/servers/slapd/back-ldbm/ldbm_bind.c"
        },
        "id": "CVE-2020-35518-6dbc738f",
        "deprecated": false,
        "source": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32",
        "digest": {
            "line_hashes": [
                "231900200210085628883299799942067668579",
                "293227023537761690832979670014535727304",
                "529580841501224453670901892392782820",
                "92938755121922726516016927907363779926",
                "119176856061870748709409521201365395736"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "ldap/servers/slapd/result.c",
            "function": "send_ldap_result_ext"
        },
        "id": "CVE-2020-35518-92c102ff",
        "deprecated": false,
        "source": "https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc",
        "digest": {
            "function_hash": "161568368649263161676050796206389097096",
            "length": 5728.0
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "ldap/servers/slapd/back-ldbm/ldbm_bind.c",
            "function": "ldbm_back_bind"
        },
        "id": "CVE-2020-35518-ae816c87",
        "deprecated": false,
        "source": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32",
        "digest": {
            "function_hash": "121539299605689041318853093154430367139",
            "length": 2174.0
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "ldap/servers/slapd/result.c"
        },
        "id": "CVE-2020-35518-b1b7e320",
        "deprecated": false,
        "source": "https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc",
        "digest": {
            "line_hashes": [
                "93023770981467552284335591659520590179",
                "160087572227559021620709316116632204265",
                "283721859586959455658915352025728779039",
                "189889751970639446926761919471682374906"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "ldap/servers/slapd/dse.c",
            "function": "dse_bind"
        },
        "id": "CVE-2020-35518-f7fbbd76",
        "deprecated": false,
        "source": "https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32",
        "digest": {
            "function_hash": "156790754977640553600549957926651256104",
            "length": 1488.0
        }
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35518.json"