CVE-2020-10700 — Use After Free in Samba
Severity
5.3MEDIUMNVD
EPSS
2.9%
top 13.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 4
Latest updateMay 24
Description
A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5red_hat/sambaAll versions before 4.10.15, All versions before 4.11.8, All versions before 4.12.2+2
Also affects: Fedora 30, 31, 32
🔴Vulnerability Details
4GHSA▶
GHSA-7g79-5vjp-6w3f: A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control↗2022-05-24
CVEList▶
CVE-2020-10700: A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control↗2020-05-04
OSV▶
CVE-2020-10700: A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control↗2020-05-04
📋Vendor Advisories
3💬Community
3Bugzilla▶
CVE-2020-10730 samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results↗2020-06-22
Bugzilla
▶