CVE-2021-20277

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
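
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| redhat | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |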

EPSS Score percentile: 90%

| Vendor | Product | Version |
|---|---|---|
| samba | samba | 4.0.0 ≤ x < 4.12.13 |
| samba | samba | 4.13.0 ≤ x < 4.13.6 |
| samba | samba | 4.14.0 ≤ x < 4.14.1 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |

x = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| ldb | bullseye (security) | 2:2.2.3-2~deb11u2 | fixed |
| ldb | bullseye | 2:2.2.3-2~deb11u2 | fixed |
| samba | bullseye (security) | | unimportant |
| samba | bullseye | | unimportant |
| samba | bookworm | 2:4.17.12+dfsg-0+deb12u1 | fixed |
| samba | bookworm (security) | 2:4.17.12+dfsg-0+deb12u1 | fixed |
| samba | sid | 2:4.21.1+dfsg-2 | fixed |
| samba | trixie | 2:4.21.1+dfsg-2 | fixed |

Ubuntu Releases

| Ubuntu Product | Codename | Fixed version | Status |
|---|---|---|---|
| ldb | groovy | 2:2.1.4-2ubuntu0.1 | released |
| ldb | focal | 2:2.0.10-0ubuntu0.20.04.3 | released |
| ldb | bionic | 2:1.2.3-1ubuntu0.2 | released |
| ldb | xenial | 2:1.1.24-1ubuntu3.2 | released |
| ldb | trusty | 1:1.1.24-0ubuntu0.14.04.2+esm1 | released |
| samba | groovy | | not-affected |
| samba | focal | | not-affected |
| samba | bionic | | not-affected |
| samba | xenial | | not-affected |
| samba | trusty | | not-affected |