CVE-2020-10730

MEDIUM

Samba <4.10.17-4.12.4 - Memory Corruption

Title source: llm
STIX 2.1

Description

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.

References (10)

Core 10
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202007-15
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
Issue Tracking, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4884

Scores

CVSS v3 6.5
EPSS 0.0314
EPSS Percentile 87.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476 CWE-416
Status published
Products (7)
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 31
opensuse/leap 15.1
opensuse/leap 15.2
redhat/storage 3.0
samba/samba 4.5.0 - 4.10.17
Published Jul 07, 2020
Tracked Since Feb 18, 2026