CVE-2019-12435 — NULL Pointer Dereference in Samba

CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

4.0%

top 11.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedJun 19

Latest updateMay 24

Description

Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDsamba/samba4.9.0 — 4.9.9+1

▶debiandebian/samba< samba 2:4.9.5+dfsg-5 (bookworm)

▶Debiansamba/samba< 2:4.9.5+dfsg-5+3

🔴Vulnerability Details

GHSA

GHSA-8gjg-6f8w-gvhc: Samba 4↗2022-05-24

▶

OSV

CVE-2019-12435: Samba 4↗2019-06-19

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2019-06-19

▶

Red Hat

samba: AD DC Denial of Service in DNS management server↗2019-06-19

▶

Debian

CVE-2019-12435: samba - Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference...↗2019

▶

💬Community

Bugzilla

CVE-2019-12435 samba: AD DC Denial of Service in DNS management server [fedora-all]↗2019-06-19

▶

Bugzilla

CVE-2019-12435 samba: AD DC Denial of Service in DNS management server↗2019-05-20

▶