CVE-2020-27840

Summary

CVE	CVE-2020-27840
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-05-12 15:15:00 UTC
Updated	2023-11-07 03:21:00 UTC
Description	A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	32	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Application	Samba	Samba	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 33 Update: libldb-2.2.1-1.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
1941400 – (CVE-2020-27840) CVE-2020-27840 samba: Heap corruption via crafted DN strings	MISC	bugzilla.redhat.com
[SECURITY] Fedora 32 Update: samba-4.12.14-0.fc32 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] [DLA 2611-1] ldb security update	MLIST	lists.debian.org
[SECURITY] Fedora 33 Update: libldb-2.2.1-1.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Debian -- Security Information -- DSA-4884-1 ldb	DEBIAN	www.debian.org
March 2021 Samba Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
Samba: Multiple vulnerabilities (GLSA 202105-22) — Gentoo security	GENTOO	security.gentoo.org
[SECURITY] Fedora 34 Update: samba-4.14.2-0.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 32 Update: samba-4.12.14-0.fc32 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 34 Update: samba-4.14.2-0.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Samba - Security Announcement Archive	MISC	www.samba.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

174841 SUSE Enterprise Linux Security update for ldb (SUSE-SU-2021:0945-1)
174843 SUSE Enterprise Linux Security update for ldb (SUSE-SU-2021:0944-1)
174860 SUSE Enterprise Linux Security Update for ldb (SUSE-SU-2021:0945-1)
174862 SUSE Enterprise Linux Security update for ldb (SUSE-SU-2021:0944-1)
174966 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2021:1444-1)
174982 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2021:1498-1)
178491 Debian Security Update for ldb (DSA 4884-1)
178508 Debian Security Update for ldb (DLA 2611-1)
198308 Ubuntu Security Notification for Ldb Vulnerabilities (USN-4888-1)
281411 Fedora Security Update for libldb (FEDORA-2021-1a8e93a285)
281412 Fedora Security Update for libldb (FEDORA-2021-c93a3a5d3f)
281423 Fedora Security Update for libldb (FEDORA-2021-c2d8628d33)
500625 Alpine Linux Security Update for samba
501491 Alpine Linux Security Update for samba
501780 Alpine Linux Security Update for samba
504391 Alpine Linux Security Update for samba
670411 EulerOS Security Update for samba (EulerOS-SA-2021-1988)
670415 EulerOS Security Update for libldb (EulerOS-SA-2021-1984)
670434 EulerOS Security Update for samba (EulerOS-SA-2021-2066)
670445 EulerOS Security Update for samba (EulerOS-SA-2021-2055)
670468 EulerOS Security Update for samba (EulerOS-SA-2021-2229)
670469 EulerOS Security Update for libldb (EulerOS-SA-2021-2222)
670639 EulerOS Security Update for libldb (EulerOS-SA-2021-2397)
670688 EulerOS Security Update for samba (EulerOS-SA-2021-2446)
670863 EulerOS Security Update for libldb (EulerOS-SA-2021-2591)
670896 EulerOS Security Update for libldb (EulerOS-SA-2021-1984)
670994 EulerOS Security Update for samba (EulerOS-SA-2021-2615)
690216 Free Berkeley Software Distribution (FreeBSD) Security Update for samba (1f6d97da-8f72-11eb-b3f1-005056a311d1)
710094 Gentoo Linux Samba Multiple vulnerabilities (GLSA 202105-22)
750236 OpenSUSE Security Update for samba (openSUSE-SU-2021:0636-1)
750299 OpenSUSE Security Update for ldb (openSUSE-SU-2021:0469-1)
751157 OpenSUSE Security Update for samba (openSUSE-SU-2021:3187-1)
751680 OpenSUSE Security Update for samba (openSUSE-SU-2022:0283-1)
751994 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:0283-1)
901618 Common Base Linux Mariner (CBL-Mariner) Security Update for samba (7351)