CVE-2020-10704 — Uncontrolled Recursion in Samba
Severity
7.5 HIGH (NVD)
EPSS
8.9%
top 7.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 6
Latest update: May 24
Description
A flaw was found when using Samba as an Active Directory Domain Controller. Due to the way Samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all Samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
Affected Packages (5 packages)
CVEListV5: red_hat/samba: all versions before 4.10.15, all versions before 4.11.8, all versions before 4.12.2 (+2)
Also affects: Debian Linux 9.0, Fedora 30, 31
Vulnerability Details (6)
GHSA
GHSA-hxwv-6335-26h5: A flaw was found when using samba as an Active Directory Domain Controller (2022-05-24)
CVEList
CVE-2020-10704: A flaw was found when using samba as an Active Directory Domain Controller (2020-05-06)
OSV
CVE-2020-10704: A flaw was found when using samba as an Active Directory Domain Controller (2020-05-06)