CVE-2021-20277

EUVD-2021-7711
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score
Percentile: 94%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| samba | samba | 4.0.0 ≤ 𝑥 < 4.12.13 |
| samba | samba | 4.13.0 ≤ 𝑥 < 4.13.6 |
| samba | samba | 4.14.0 ≤ 𝑥 < 4.14.1 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |

𝑥 = Vulnerable software versions
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| ldb | bullseye | 2:2.2.3-2~deb11u2 | fixed |
| ldb | bullseye (security) | 2:2.2.3-2~deb11u2 | fixed |
| samba | bookworm | 2:4.17.12+dfsg-0+deb12u1 | fixed |
| samba | bookworm (security) | 2:4.17.12+dfsg-0+deb12u1 | fixed |
| samba | bullseye | | unimportant |
| samba | bullseye (security) | | unimportant |
| samba | sid | 2:4.21.1+dfsg-2 | fixed |
| samba | trixie | 2:4.21.1+dfsg-2 | fixed |
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| ldb | bionic | Fixed 2:1.2.3-1ubuntu0.2 | released |
| ldb | focal | Fixed 2:2.0.10-0ubuntu0.20.04.3 | released |
| ldb | groovy | Fixed 2:2.1.4-2ubuntu0.1 | released |
| ldb | trusty | Fixed 1:1.1.24-0ubuntu0.14.04.2+esm1 | released |
| ldb | xenial | Fixed 2:1.1.24-1ubuntu3.2 | released |
| samba | bionic | | not-affected |
| samba | focal | | not-affected |
| samba | groovy | | not-affected |
| samba | trusty | | not-affected |
| samba | xenial | | not-affected |