{"api_version":"1","generated_at":"2026-04-23T02:15:25+00:00","cve":"CVE-2020-14383","urls":{"html":"https://cve.report/CVE-2020-14383","api":"https://cve.report/api/cve/CVE-2020-14383.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-14383","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-14383"},"summary":{"title":"CVE-2020-14383","description":"A flaw was found in samba's DNS server. An authenticated user could use this flaw to cause the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non-administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-12-02 01:15:00","updated_at":"2021-05-05 12:57:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892636","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1892636","refsource":"MISC","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"1892636 – (CVE-2020-14383) CVE-2020-14383 samba: An authenticated user can crash the DCE/RPC DNS with easily crafted records","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.samba.org/samba/security/CVE-2020-14383.html","name":"https://www.samba.org/samba/security/CVE-2020-14383.html","refsource":"MISC","tags":["Vendor Advisory"],"title":"Samba - Security Announcement Archive","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202012-24","name":"GLSA-202012-24","refsource":"GENTOO","tags":[],"title":"Samba: Multiple vulnerabilities (GLSA 202012-24) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-14383","name":"CVE Program 
record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14383","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"14383","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14383","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14383","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14383","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-14383","qid":"377403","title":"Alibaba Cloud Linux Security Update for samba (ALINUX3-SA-2021:0077)"},{"cve":"CVE-2020-14383","qid":"500630","title":"Alpine Linux Security Update for samba"},{"cve":"CVE-2020-14383","qid":"504390","title":"Alpine Linux Security Update for samba"},{"cve":"CVE-2020-14383","qid":"670205","title":"EulerOS Security Update for samba (EulerOS-SA-2021-1704)"},{"cve":"CVE-2020-14383","qid":"670878","title":"EulerOS Security Update for samba (EulerOS-SA-2021-1118)"},{"cve":"CVE-2020-14383","qid":"670887","title":"EulerOS Security Update for samba 
(EulerOS-SA-2021-1171)"},{"cve":"CVE-2020-14383","qid":"690368","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for samba (9ca85b7c-1b31-11eb-8762-005056a311d1)"},{"cve":"CVE-2020-14383","qid":"750610","title":"OpenSUSE Security Update for samba (openSUSE-SU-2020:1819-1)"},{"cve":"CVE-2020-14383","qid":"750611","title":"OpenSUSE Security Update for samba (openSUSE-SU-2020:1811-1)"},{"cve":"CVE-2020-14383","qid":"901151","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for samba (7349)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-14383","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"samba","version":{"version_data":[{"version_value":"samba 4.11.15, samba 4.12.9, samba 4.13.1"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-391"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1892636","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892636"},{"refsource":"MISC","name":"https://www.samba.org/samba/security/CVE-2020-14383.html","url":"https://www.samba.org/samba/security/CVE-2020-14383.html"},{"refsource":"GENTOO","name":"GLSA-202012-24","url":"https://security.gentoo.org/glsa/202012-24"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in samba's DNS server. An authenticated user could use this flaw to cause the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non-administrative attacker to crash it again as soon as it returns. 
The Samba DNS server itself will continue to operate, but many RPC services will not."}]}},"nvd":{"publishedDate":"2020-12-02 01:15:00","lastModifiedDate":"2021-05-05 12:57:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12.0","versionEndExcluding":"4.12.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13.0","versionEndExcluding":"4.13.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.11.15","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"14383","Ordinal":"175613","Title":"CVE-2020-14383","CVE":"CVE-2020-14383","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"14383","Ordinal":"1","NoteData":"A flaw was 
found in samba's DNS server. An authenticated user could use this flaw to cause the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non-administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"14383","Ordinal":"2","NoteData":"2020-12-01","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"14383","Ordinal":"3","NoteData":"2020-12-24","Type":"Other","Title":"Modified"}]}}}