CVE-2020-10730

EUVD-2020-3155
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
sambasamba
4.5.0 ≤
𝑥
< 4.10.17
sambasamba
4.11.0 ≤
𝑥
< 4.11.11
sambasamba
4.12.0 ≤
𝑥
< 4.12.4
redhatstorage
3.0
opensuseleap
15.1
opensuseleap
15.2
debiandebian_linux
9.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ldb
bullseye
2:2.2.3-2~deb11u2
fixed
bullseye (security)
2:2.2.3-2~deb11u2
fixed
buster
postponed
stretch
not-affected
samba
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
buster
postponed
sid
2:4.21.1+dfsg-2
fixed
stretch
not-affected
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
bionic
Fixed 2:4.7.6+dfsg~ubuntu-0ubuntu2.17
released
eoan
Fixed 2:4.10.7+dfsg-0ubuntu2.6
released
focal
Fixed 2:4.11.6+dfsg-0ubuntu1.3
released
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
https://bugzilla.redhat.com/show_bug.cgi?id=1849489%3B
https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/
https://security.gentoo.org/glsa/202007-15
https://www.debian.org/security/2021/dsa-4884
https://www.samba.org/samba/security/CVE-2020-10730.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
https://bugzilla.redhat.com/show_bug.cgi?id=1849489%3B
https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/
https://security.gentoo.org/glsa/202007-15
https://www.debian.org/security/2021/dsa-4884
https://www.samba.org/samba/security/CVE-2020-10730.html