CVE-2021-20277

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2021-20277
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2021-05-12 14:15:00 UTC
Updated2023-11-07 03:29:00 UTC
DescriptionA flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 10.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Fedoraproject Fedora 32 All All All
Operating System Fedoraproject Fedora 33 All All All
Operating System Fedoraproject Fedora 34 All All All
Application Samba Samba All All All All

References

ReferenceSourceLinkTags
[SECURITY] Fedora 33 Update: libldb-2.2.1-1.fc33 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
Samba - Security Announcement Archive MISC www.samba.org
[SECURITY] Fedora 32 Update: samba-4.12.14-0.fc32 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] [DLA 2611-1] ldb security update MLIST lists.debian.org
1941402 – (CVE-2021-20277) CVE-2021-20277 samba: Out of bounds read in AD DC LDAP server MISC bugzilla.redhat.com
[SECURITY] Fedora 33 Update: libldb-2.2.1-1.fc33 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
Debian -- Security Information -- DSA-4884-1 ldb DEBIAN www.debian.org
March 2021 Samba Vulnerabilities in NetApp Products | NetApp Product Security CONFIRM security.netapp.com
Samba: Multiple vulnerabilities (GLSA 202105-22) — Gentoo security GENTOO security.gentoo.org
[SECURITY] Fedora 34 Update: samba-4.14.2-0.fc34 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 32 Update: samba-4.12.14-0.fc32 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 34 Update: samba-4.14.2-0.fc34 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 159142 Oracle Enterprise Linux Security Update for libldb (ELSA-2021-1072)
  • 159149 Oracle Enterprise Linux Security Update for libldb (ELSA-2021-1197)
  • 174841 SUSE Enterprise Linux Security update for ldb (SUSE-SU-2021:0945-1)
  • 174843 SUSE Enterprise Linux Security update for ldb (SUSE-SU-2021:0944-1)
  • 174860 SUSE Enterprise Linux Security Update for ldb (SUSE-SU-2021:0945-1)
  • 174862 SUSE Enterprise Linux Security update for ldb (SUSE-SU-2021:0944-1)
  • 174966 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2021:1444-1)
  • 174982 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2021:1498-1)
  • 178491 Debian Security Update for ldb (DSA 4884-1)
  • 178508 Debian Security Update for ldb (DLA 2611-1)
  • 179613 Debian Security Update for ldb (CVE-2021-20277)
  • 198308 Ubuntu Security Notification for Ldb Vulnerabilities (USN-4888-1)
  • 239207 Red Hat Update for libldb (RHSA-2021:1072)
  • 239218 Red Hat Update for libldb (RHSA-2021:1214)
  • 239219 Red Hat Update for libldb (RHSA-2021:1213)
  • 239222 Red Hat Update for libldb (RHSA-2021:1197)
  • 239398 Red Hat Update for libldb (RHSA-2021:2331)
  • 239882 Red Hat Update for libldb (RHSA-2021:2786)
  • 257074 CentOS Security Update for libldb (CESA-2021:1072)
  • 281411 Fedora Security Update for libldb (FEDORA-2021-1a8e93a285)
  • 281412 Fedora Security Update for libldb (FEDORA-2021-c93a3a5d3f)
  • 281423 Fedora Security Update for libldb (FEDORA-2021-c2d8628d33)
  • 352265 Amazon Linux Security Advisory for libldb: ALAS-2021-1494
  • 352270 Amazon Linux Security Advisory for libldb: ALAS2-2021-1628
  • 376937 Alibaba Cloud Linux Security Update for libldb (ALINUX3-SA-2021:0028)
  • 377170 Alibaba Cloud Linux Security Update for libldb (ALINUX2-SA-2021:0017)
  • 500625 Alpine Linux Security Update for samba
  • 501491 Alpine Linux Security Update for samba
  • 501780 Alpine Linux Security Update for samba
  • 504391 Alpine Linux Security Update for samba
  • 670229 EulerOS Security Update for samba (EulerOS-SA-2021-1846)
  • 670266 EulerOS Security Update for libldb (EulerOS-SA-2021-1811)
  • 670411 EulerOS Security Update for samba (EulerOS-SA-2021-1988)
  • 670415 EulerOS Security Update for libldb (EulerOS-SA-2021-1984)
  • 670434 EulerOS Security Update for samba (EulerOS-SA-2021-2066)
  • 670445 EulerOS Security Update for samba (EulerOS-SA-2021-2055)
  • 670468 EulerOS Security Update for samba (EulerOS-SA-2021-2229)
  • 670469 EulerOS Security Update for libldb (EulerOS-SA-2021-2222)
  • 670639 EulerOS Security Update for libldb (EulerOS-SA-2021-2397)
  • 670688 EulerOS Security Update for samba (EulerOS-SA-2021-2446)
  • 670896 EulerOS Security Update for libldb (EulerOS-SA-2021-1984)
  • 690216 Free Berkeley Software Distribution (FreeBSD) Security Update for samba (1f6d97da-8f72-11eb-b3f1-005056a311d1)
  • 710094 Gentoo Linux Samba Multiple vulnerabilities (GLSA 202105-22)
  • 750236 OpenSUSE Security Update for samba (openSUSE-SU-2021:0636-1)
  • 750299 OpenSUSE Security Update for ldb (openSUSE-SU-2021:0469-1)
  • 751157 OpenSUSE Security Update for samba (openSUSE-SU-2021:3187-1)
  • 751680 OpenSUSE Security Update for samba (openSUSE-SU-2022:0283-1)
  • 751994 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:0283-1)
  • 901040 Common Base Linux Mariner (CBL-Mariner) Security Update for samba (7353)
  • 940161 AlmaLinux Security Update for libldb (ALSA-2021:1197)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report