CVE-2020-10704
Severity: HIGH
Samba < 4.10.15 - Denial of Service via LDAP Request Handling
Title source: llm
Description
A flaw was found when using Samba as an Active Directory Domain Controller. Due to the way Samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all Samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
References (8)
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202007-15
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10704
Vendor Advisory
https://www.samba.org/samba/security/CVE-2020-10704.html
Scores
CVSS v3: 7.5
EPSS: 0.0889
EPSS Percentile: 92.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-674
Status: published
Products (5)
debian/debian_linux: 9.0
fedoraproject/fedora: 30
fedoraproject/fedora: 31
opensuse/leap: 15.2
samba/samba: 4.0.0 - 4.10.15
Published: May 06, 2020
Tracked Since: Feb 18, 2026