Samba up to 4.10.14/4.11.7/4.12.1 AD DC LDAP Server use after free


A vulnerability classified as problematic has been found in Samba up to 4.10.14/4.11.7/4.12.1 (File Transfer Software). Affected is an unknown part of the component AD DC LDAP Server. Upgrading to version 4.10.15, 4.11.8 or 4.12.2 eliminates this vulnerability.

Field | 05/05/2020 08:32 AM | 10/15/2020 08:51 AM | 10/15/2020 08:59 AM
risk | 1 | 1 | 1
cvss2_vuldb_basescore | 2.6 | 2.6 | 2.6
cvss2_vuldb_tempscore | 2.3 | 2.3 | 2.3
cvss2_vuldb_av | N | N | N
cvss2_vuldb_ac | H | H | H
cvss2_vuldb_au | N | N | N
cvss2_vuldb_ci | N | N | N
cvss2_vuldb_ii | N | N | N
cvss2_vuldb_ai | P | P | P
cvss3_meta_basescore | 4.2 | 4.2 | 4.2
cvss3_meta_tempscore | 4.0 | 4.0 | 4.0
cvss3_vuldb_basescore | 3.1 | 3.1 | 3.1
cvss3_vuldb_tempscore | 3.0 | 3.0 | 3.0
cvss3_vuldb_av | N | N | N
cvss3_vuldb_ac | H | H | H
cvss3_vuldb_pr | N | N | N
cvss3_vuldb_ui | R | R | R
cvss3_vuldb_s | U | U | U
cvss3_vuldb_c | N | N | N
cvss3_vuldb_i | N | N | N
cvss3_vuldb_a | L | L | L
date | 1588550400 (05/04/2020) | 1588550400 (05/04/2020) | 1588550400 (05/04/2020)
location | Bugzilla | Bugzilla | Bugzilla
type | Bug Report | Bug Report | Bug Report
url | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10700 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10700 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10700
price_0day | $0-$5k | $0-$5k | $0-$5k
name | Upgrade | Upgrade | Upgrade
upgrade_version | 4.10.15/4.11.8/4.12.2 | 4.10.15/4.11.8/4.12.2 | 4.10.15/4.11.8/4.12.2
cve | CVE-2020-10700 | CVE-2020-10700 | CVE-2020-10700
cvss2_vuldb_e | ND | ND | ND
cvss2_vuldb_rl | OF | OF | OF
cvss2_vuldb_rc | ND | ND | ND
cvss3_vuldb_e | X | X | X
cvss3_vuldb_rl | O | O | O
cvss3_vuldb_rc | X | X | X
cvss3_nvd_basescore | 5.3 | 5.3 | 5.3
name | Samba | Samba | Samba
version | <=4.10.14/4.11.7/4.12.1 | <=4.10.14/4.11.7/4.12.1 | <=4.10.14/4.11.7/4.12.1
component | AD DC LDAP Server | AD DC LDAP Server | AD DC LDAP Server
cvss3_nvd_av | N | N | N
cvss3_nvd_ac | H | H | H
cvss3_nvd_pr | N | N | N
cvss3_nvd_ui | R | R | R
cvss3_nvd_s | U | U | U
cvss3_nvd_c | N | N | N
cvss3_nvd_i | N | N | N
cvss3_nvd_a | H | H | H
cve_assigned | 1584662400 | 1584662400 | 1584662400
cve_nvd_summary | A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. | A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. | A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
type | File Transfer Software | File Transfer Software | File Transfer Software
cwe | 416 (memory corruption) | 416 (memory corruption) | 416 (memory corruption)
confirm_url | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10700 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10700
cve_cna | Red Hat, Inc.
