CVE-2020-10730

Name
CVE-2020-10730
Description
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
NVD Severity
medium

References

Type URI
Vendor Advisory https://www.samba.org/samba/security/CVE-2020-10730.html
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1849489
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
Third Party Advisory https://security.gentoo.org/glsa/202007-15
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
MLIST https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
DEBIAN https://www.debian.org/security/2021/dsa-4884

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.5.0 < 4.10.17
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.11.0 < 4.11.11
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.12.0 < 4.12.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status