CVE-2020-10704

7.5HIGH

Key Information:

Vendor
Red Hat
Status
Samba
Vendor
CVE Published:
6 May 2020

Summary

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Affected Version(s)

samba All versions before 4.10.15

samba All versions before 4.11.8

samba All versions before 4.12.2

References

https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.