CVE-2021-3670 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Affected Products (NVD)

Vendor	Product	Version
samba	samba	4.1.0 ≤ 𝑥 < 4.16.0
redhat	storage	3.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ldb

bullseye	2:2.2.3-2~deb11u2 fixed
bullseye (security)	2:2.2.3-2~deb11u2 fixed
buster	ignored
stretch	no-dsa

samba

bookworm	2:4.17.12+dfsg-0+deb12u1 fixed
bookworm (security)	2:4.17.12+dfsg-0+deb12u1 fixed
bullseye	ignored
bullseye (security)	vulnerable
buster	ignored
sid	2:4.21.1+dfsg-2 fixed
stretch	no-dsa
trixie	2:4.21.1+dfsg-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

ldb

bionic	needed
focal	Fixed 2:2.2.3-0ubuntu0.20.04.3 released
impish	ignored
jammy	not-affected
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	needs-triage
xenial	needs-triage

samba

bionic	needed
focal	Fixed 2:4.13.17~dfsg-0ubuntu1.20.04.1 released
impish	ignored
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	needs-triage
xenial	needs-triage

openSUSE / SLES Releases

openSUSE Product

Release

ldb-tools

suse enterprise desktop 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise desktop 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise desktop 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise desktop 15 SP6	2.8.0-150600.1.4 fixed
suse enterprise sap 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise sap 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise sap 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise sap 15 SP6	2.8.0-150600.1.4 fixed
suse enterprise server 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise server 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise server 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise server 15 SP6	2.8.0-150600.1.4 fixed

libldb-devel

suse enterprise desktop 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise desktop 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise desktop 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise desktop 15 SP6	2.8.0-150600.1.4 fixed
suse enterprise sap 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise sap 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise sap 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise sap 15 SP6	2.8.0-150600.1.4 fixed
suse enterprise server 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise server 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise server 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise server 15 SP6	2.8.0-150600.1.4 fixed

libldb2

suse enterprise desktop 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise desktop 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise desktop 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise desktop 15 SP6	2.8.0-150600.1.4 fixed
suse enterprise sap 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise sap 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise sap 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise sap 15 SP6	2.8.0-150600.1.4 fixed
suse enterprise server 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise server 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise server 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise server 15 SP6	2.8.0-150600.1.4 fixed

libldb2-32bit

suse enterprise desktop 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise desktop 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise desktop 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise desktop 15 SP6	2.8.0-150600.1.4 fixed
suse enterprise sap 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise sap 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise sap 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise sap 15 SP6	2.8.0-150600.1.4 fixed
suse enterprise server 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise server 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise server 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise server 15 SP6	2.8.0-150600.1.4 fixed

python3-ldb

suse enterprise desktop 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise desktop 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise desktop 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise desktop 15 SP6	2.8.0-150600.1.4 fixed
suse enterprise sap 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise sap 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise sap 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise sap 15 SP6	2.8.0-150600.1.4 fixed
suse enterprise server 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise server 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise server 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise server 15 SP6	2.8.0-150600.1.4 fixed

python3-ldb-devel

suse enterprise desktop 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise desktop 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise desktop 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise desktop 15 SP6	2.8.0-150600.1.4 fixed
suse enterprise sap 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise sap 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise sap 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise sap 15 SP6	2.8.0-150600.1.4 fixed
suse enterprise server 15 SP3	2.4.2-150300.3.15.1 fixed
suse enterprise server 15 SP4	2.4.2-150400.4.3.11 fixed
suse enterprise server 15 SP5	2.6.2-150500.1.1 fixed
suse enterprise server 15 SP6	2.8.0-150600.1.4 fixed

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2077533

https://bugzilla.samba.org/show_bug.cgi?id=14694

https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f

https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002

https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393

https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b

https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803

https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81

https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049

https://security.gentoo.org/glsa/202309-06

https://bugzilla.redhat.com/show_bug.cgi?id=2077533

https://bugzilla.samba.org/show_bug.cgi?id=14694

https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f

https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002

https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393

https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b

https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803

https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81

https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049

https://security.gentoo.org/glsa/202309-06