CVE-2020-10730
Summary
| CVE | CVE-2020-10730 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-07 14:15:00 UTC |
| Updated | 2023-11-07 03:14:00 UTC |
| Description | A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability. |
Risk And Classification
Problem Types: CWE-476 | CWE-416
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 31 | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Opensuse | Leap | 15.2 | All | All | All |
| Application | Redhat | Storage | 3.0 | All | All | All |
| Application | Samba | Samba | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Samba - Security Announcement Archive | MISC | www.samba.org | Vendor Advisory |
| 1849489 – (CVE-2020-10730) CVE-2020-10730 samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results | MISC | bugzilla.redhat.com | Issue Tracking, Patch, Third Party Advisory |
| [security-announce] openSUSE-SU-2020:1121-1: moderate: Security update f | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2020:1023-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 31 Update: libldb-2.0.12-1.fc31 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| 1849489 – (CVE-2020-10730) CVE-2020-10730 samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results | | bugzilla.redhat.com | |
| [security-announce] openSUSE-SU-2020:1313-1: important: Security update | SUSE | lists.opensuse.org | |
| Samba: Multiple vulnerabilities (GLSA 202007-15) — Gentoo security | GENTOO | security.gentoo.org | Third Party Advisory |
| Debian -- Security Information -- DSA-4884-1 ldb | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 31 Update: libldb-2.0.12-1.fc31 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2020:0984-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [SECURITY] [DLA 2463-1] samba security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 178491 Debian Security Update for ldb (DSA 4884-1)
- 376937 Alibaba Cloud Linux Security Update for libldb (ALINUX3-SA-2021:0028)
- 500628 Alpine Linux Security Update for samba
- 504388 Alpine Linux Security Update for samba
- 670229 EulerOS Security Update for samba (EulerOS-SA-2021-1846)
- 670688 EulerOS Security Update for samba (EulerOS-SA-2021-2446)
- 940339 AlmaLinux Security Update for libldb (ALSA-2020:4568)