CVE-2019-14847 — NULL Pointer Dereference in Samba

CWE-476 — NULL Pointer Dereference11 documents7 sources

Severity

4.9MEDIUMNVD

OSV6.5

EPSS

2.4%

top 14.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Fedoraproject Fedora +1 more

Timeline

PublishedNov 6

Latest updateMay 24

Description

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages6 packages

▶NVDsamba/samba4.0.0 — 4.9.15+1

▶debiandebian/samba< samba 2:4.11.0+dfsg-6 (bookworm)

▶Debiansamba/samba< 2:4.11.0+dfsg-6+3

▶Ubuntusamba/samba< 2:4.3.11+dfsg-0ubuntu0.16.04.23+2

▶CVEListV5samba/sambasamba 4.0.0 before samba 4.9.15, samba 4.10.x before 4.10.10

Also affects: Fedora 29, 30

🔴Vulnerability Details

GHSA

GHSA-fc52-9g4r-5jw7: A flaw was found in samba 4↗2022-05-24

▶

OSV

CVE-2019-14847: A flaw was found in samba 4↗2019-11-06

▶

OSV

samba vulnerabilities↗2019-10-29

▶

OSV

samba vulnerabilities↗2019-10-29

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2019-10-29

▶

Ubuntu

Samba vulnerabilities↗2019-10-29

▶

Red Hat

samba: samba AD DC LDAP denial of service via dirsync↗2019-10-29

▶

Debian

CVE-2019-14847: samba - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10...↗2019

▶

💬Community

Bugzilla

CVE-2019-14847 samba: samba AD DC LDAP denial of service via dirsync [fedora-all]↗2019-10-30

▶

Bugzilla

CVE-2019-14847 samba: samba AD DC LDAP denial of service via dirsync↗2019-10-22

▶