CVE-2020-10730

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
sambasamba
4.5.0 ≤
𝑥
< 4.10.17
sambasamba
4.11.0 ≤
𝑥
< 4.11.11
sambasamba
4.12.0 ≤
𝑥
< 4.12.4
redhatstorage
3.0
opensuseleap
15.1
opensuseleap
15.2
debiandebian_linux
9.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ldb
bullseye
2:2.2.3-2~deb11u2
fixed
bullseye (security)
2:2.2.3-2~deb11u2
fixed
buster
postponed
stretch
not-affected
samba
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
buster
postponed
sid
2:4.21.1+dfsg-2
fixed
stretch
not-affected
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
bionic
Fixed 2:4.7.6+dfsg~ubuntu-0ubuntu2.17
released
eoan
Fixed 2:4.10.7+dfsg-0ubuntu2.6
released
focal
Fixed 2:4.11.6+dfsg-0ubuntu1.3
released
trusty
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
ldb-tools
suse enterprise desktop 15 SP1
1.4.6-3.5.2
fixed
suse enterprise desktop 15 SP2
2.0.12-3.3.1
fixed
suse enterprise desktop 15 SP3
2.2.1-1.1
fixed
suse enterprise desktop 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise desktop 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise desktop 15 SP6
2.8.0-150600.1.4
fixed
suse enterprise sap 12 SP5
1.5.8-3.5.1
fixed
suse enterprise sap 15 SP1
1.4.6-3.5.2
fixed
suse enterprise sap 15 SP2
2.0.12-3.3.1
fixed
suse enterprise sap 15 SP3
2.2.1-1.1
fixed
suse enterprise sap 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise sap 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise sap 15 SP6
2.8.0-150600.1.4
fixed
suse enterprise server 12 SP5
1.5.8-3.5.1
fixed
suse enterprise server 15 SP1
1.4.6-3.5.2
fixed
suse enterprise server 15 SP2
2.0.12-3.3.1
fixed
suse enterprise server 15 SP3
2.2.1-1.1
fixed
suse enterprise server 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise server 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise server 15 SP6
2.8.0-150600.1.4
fixed
libldb-devel
suse enterprise desktop 15 SP1
1.4.6-3.5.2
fixed
suse enterprise desktop 15 SP2
2.0.12-3.3.1
fixed
suse enterprise desktop 15 SP3
2.2.1-1.1
fixed
suse enterprise desktop 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise desktop 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise desktop 15 SP6
2.8.0-150600.1.4
fixed
suse enterprise sap 15 SP1
1.4.6-3.5.2
fixed
suse enterprise sap 15 SP2
2.0.12-3.3.1
fixed
suse enterprise sap 15 SP3
2.2.1-1.1
fixed
suse enterprise sap 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise sap 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise sap 15 SP6
2.8.0-150600.1.4
fixed
suse enterprise server 15 SP1
1.4.6-3.5.2
fixed
suse enterprise server 15 SP2
2.0.12-3.3.1
fixed
suse enterprise server 15 SP3
2.2.1-1.1
fixed
suse enterprise server 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise server 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise server 15 SP6
2.8.0-150600.1.4
fixed
libldb1
suse enterprise desktop 15 SP1
1.4.6-3.5.2
fixed
suse enterprise desktop 15 SP3
1.4.6-3.5.2
fixed
suse enterprise sap 12 SP5
1.5.8-3.5.1
fixed
suse enterprise sap 15 SP1
1.4.6-3.5.2
fixed
suse enterprise sap 15 SP3
1.4.6-3.5.2
fixed
suse enterprise server 12 SP5
1.5.8-3.5.1
fixed
suse enterprise server 15 SP1
1.4.6-3.5.2
fixed
suse enterprise server 15 SP3
1.4.6-3.5.2
fixed
libldb1-32bit
suse enterprise desktop 15 SP1
1.4.6-3.5.2
fixed
suse enterprise sap 12 SP5
1.5.8-3.5.1
fixed
suse enterprise sap 15 SP1
1.4.6-3.5.2
fixed
suse enterprise server 12 SP5
1.5.8-3.5.1
fixed
suse enterprise server 15 SP1
1.4.6-3.5.2
fixed
libldb2
suse enterprise desktop 15 SP2
2.0.12-3.3.1
fixed
suse enterprise desktop 15 SP3
2.2.1-1.1
fixed
suse enterprise desktop 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise desktop 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise desktop 15 SP6
2.8.0-150600.1.4
fixed
suse enterprise sap 15 SP2
2.0.12-3.3.1
fixed
suse enterprise sap 15 SP3
2.2.1-1.1
fixed
suse enterprise sap 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise sap 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise sap 15 SP6
2.8.0-150600.1.4
fixed
suse enterprise server 15 SP2
2.0.12-3.3.1
fixed
suse enterprise server 15 SP3
2.2.1-1.1
fixed
suse enterprise server 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise server 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise server 15 SP6
2.8.0-150600.1.4
fixed
libldb2-32bit
suse enterprise desktop 15 SP2
2.0.12-3.3.1
fixed
suse enterprise desktop 15 SP3
2.2.1-1.1
fixed
suse enterprise desktop 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise desktop 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise desktop 15 SP6
2.8.0-150600.1.4
fixed
suse enterprise sap 15 SP2
2.0.12-3.3.1
fixed
suse enterprise sap 15 SP3
2.2.1-1.1
fixed
suse enterprise sap 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise sap 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise sap 15 SP6
2.8.0-150600.1.4
fixed
suse enterprise server 15 SP2
2.0.12-3.3.1
fixed
suse enterprise server 15 SP3
2.2.1-1.1
fixed
suse enterprise server 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise server 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise server 15 SP6
2.8.0-150600.1.4
fixed
python-ldb
suse enterprise desktop 15 SP1
1.4.6-3.5.2
fixed
suse enterprise desktop 15 SP3
1.4.6-3.5.2
fixed
suse enterprise sap 15 SP1
1.4.6-3.5.2
fixed
suse enterprise sap 15 SP3
1.4.6-3.5.2
fixed
suse enterprise server 15 SP1
1.4.6-3.5.2
fixed
suse enterprise server 15 SP3
1.4.6-3.5.2
fixed
python-ldb-devel
suse enterprise desktop 15 SP1
1.4.6-3.5.2
fixed
suse enterprise sap 15 SP1
1.4.6-3.5.2
fixed
suse enterprise server 15 SP1
1.4.6-3.5.2
fixed
python3-ldb
suse enterprise desktop 15 SP1
1.4.6-3.5.2
fixed
suse enterprise desktop 15 SP2
2.0.12-3.3.1
fixed
suse enterprise desktop 15 SP3
2.2.1-1.1
fixed
suse enterprise desktop 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise desktop 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise desktop 15 SP6
2.8.0-150600.1.4
fixed
suse enterprise sap 15 SP1
1.4.6-3.5.2
fixed
suse enterprise sap 15 SP2
2.0.12-3.3.1
fixed
suse enterprise sap 15 SP3
2.2.1-1.1
fixed
suse enterprise sap 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise sap 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise sap 15 SP6
2.8.0-150600.1.4
fixed
suse enterprise server 15 SP1
1.4.6-3.5.2
fixed
suse enterprise server 15 SP2
2.0.12-3.3.1
fixed
suse enterprise server 15 SP3
2.2.1-1.1
fixed
suse enterprise server 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise server 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise server 15 SP6
2.8.0-150600.1.4
fixed
python3-ldb-devel
suse enterprise desktop 15 SP1
1.4.6-3.5.2
fixed
suse enterprise desktop 15 SP2
2.0.12-3.3.1
fixed
suse enterprise desktop 15 SP3
2.2.1-1.1
fixed
suse enterprise desktop 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise desktop 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise desktop 15 SP6
2.8.0-150600.1.4
fixed
suse enterprise sap 15 SP1
1.4.6-3.5.2
fixed
suse enterprise sap 15 SP2
2.0.12-3.3.1
fixed
suse enterprise sap 15 SP3
2.2.1-1.1
fixed
suse enterprise sap 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise sap 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise sap 15 SP6
2.8.0-150600.1.4
fixed
suse enterprise server 15 SP1
1.4.6-3.5.2
fixed
suse enterprise server 15 SP2
2.0.12-3.3.1
fixed
suse enterprise server 15 SP3
2.2.1-1.1
fixed
suse enterprise server 15 SP4
2.4.1-150400.2.5
fixed
suse enterprise server 15 SP5
2.6.2-150500.1.1
fixed
suse enterprise server 15 SP6
2.8.0-150600.1.4
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
ldb-tools
RHEL 8
0:2.1.3-2.el8
fixed
libldb
RHEL 8
0:2.1.3-2.el8
fixed
libldb-devel
RHEL 8
0:2.1.3-2.el8
fixed
python3-ldb
RHEL 8
0:2.1.3-2.el8
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
https://bugzilla.redhat.com/show_bug.cgi?id=1849489%3B
https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/
https://security.gentoo.org/glsa/202007-15
https://www.debian.org/security/2021/dsa-4884
https://www.samba.org/samba/security/CVE-2020-10730.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
https://bugzilla.redhat.com/show_bug.cgi?id=1849489%3B
https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/
https://security.gentoo.org/glsa/202007-15
https://www.debian.org/security/2021/dsa-4884
https://www.samba.org/samba/security/CVE-2020-10730.html