CVE-2020-10700

5.3 MEDIUM

Key Information:

Vendor: Red Hat
Status: Vendor
CVE Published: 4 May 2020

Summary

A use-after-free flaw was found in the way Samba AD DC LDAP servers handle the 'Paged Results' control when it is combined with the 'ASQ' control. A malicious user in a Samba AD could use this flaw to cause denial of service. This issue affects all Samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Affected Version(s)

samba All versions before 4.10.15

samba All versions before 4.11.8

samba All versions before 4.12.2

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
