Unrated severity · NVD Advisory · Published May 4, 2020 · Updated Aug 4, 2024
CVE-2020-10700
Description
A use-after-free flaw was found in the way Samba AD DC LDAP servers handle the 'Paged Results' control when it is combined with the 'ASQ' control. A malicious user in a Samba AD could use this flaw to cause a denial of service. This issue affects all Samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
Affected products
- osv-coords (15 versions):
  - pkg:rpm/opensuse/ldb&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/ldb&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
  - pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP2
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
- (no CPE) range: < 2.0.12-lp152.2.3.1
- (no CPE) range: < 2.3.0-1.3
- (no CPE) range: < 4.11.11+git.180.2cf3b203f07-lp152.3.3.1
- (no CPE) range: < 4.14.6+git.182.2205d5224e3-1.1
- (no CPE) range: < 2.0.12-3.3.1
- (no CPE) range: < 1.5.8-3.5.1
- (no CPE) range: < 1.5.8-3.5.1
- (no CPE) range: < 1.5.8-3.5.1
- (no CPE) range: < 4.10.17+git.203.862547088ca-3.14.1
- (no CPE) range: < 4.11.11+git.180.2cf3b203f07-4.5.1
- (no CPE) range: < 4.11.11+git.180.2cf3b203f07-4.5.1
- (no CPE) range: < 4.11.11+git.180.2cf3b203f07-4.5.1
- (no CPE) range: < 4.10.17+git.203.862547088ca-3.14.1
- (no CPE) range: < 4.10.17+git.203.862547088ca-3.14.1
- (no CPE) range: < 4.10.17+git.203.862547088ca-3.14.1
- Red Hat/samba · v5 · Range: All versions before 4.10.15
Patches
No patches discovered yet.
References
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WG54NRMES2GTURZKZH6H4BGXCD3OMJDJ/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/202007-15 (mitre, vendor-advisory, x_refsource_GENTOO)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- www.samba.org/samba/security/CVE-2020-10700.html (mitre, x_refsource_MISC)