CVE-2019-12436 — NULL Pointer Dereference in Samba

CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

2.4%

top 14.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Canonical Ubuntu Linux Debian Samba

Timeline

PublishedJun 19

Latest updateMay 24

Description

Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDsamba/samba4.10.0 — 4.10.5

▶Alpinesamba/samba< 4.10.5-r0+13

▶debiandebian/samba

Also affects: Ubuntu Linux 19.04

🔴Vulnerability Details

GHSA

GHSA-8c68-g8rx-85g8: Samba 4↗2022-05-24

▶

OSV

CVE-2019-12436: Samba 4↗2019-06-19

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2019-06-19

▶

Red Hat

samba: NULL pointer dereference in Samba LDAP server leading to crash and Dos↗2019-06-19

▶

Debian

CVE-2019-12436: samba - Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC L...↗2019

▶

💬Community

Bugzilla

CVE-2019-12436 samba: NULL pointer dereference in Samba LDAP server leading to crash and Dos [fedora-all]↗2019-06-19

▶

Bugzilla

CVE-2019-12436 samba: NULL pointer dereference in Samba LDAP server leading to crash and Dos↗2019-05-20

▶