Unrated severityNVD Advisory· Published Oct 29, 2020· Updated Aug 4, 2024

CVE-2020-14323

Description

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

Affected products

samba/Winbind servicedescription
osv-coords46 versions
pkg:rpm/almalinux/libsmbclient-devel pkg:rpm/almalinux/libwbclient-devel pkg:rpm/almalinux/openchange pkg:rpm/almalinux/samba-devel pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed pkg:rpm/suse/samba&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP2 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP2 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/samba&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/samba&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/samba&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/samba&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/samba&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
< 4.13.3-3.el8+ 45 more
- (no CPE)range: < 4.13.3-3.el8
- (no CPE)range: < 4.13.3-3.el8
- (no CPE)range: < 2.3-27.el8
- (no CPE)range: < 4.13.3-3.el8
- (no CPE)range: < 4.9.5+git.383.7b7f8f14df8-lp151.2.36.1
- (no CPE)range: < 4.11.14+git.202.344b137b75d-lp152.3.16.1
- (no CPE)range: < 4.14.6+git.182.2205d5224e3-1.1
- (no CPE)range: < 4.6.16+git.248.c833312e640-3.58.1
- (no CPE)range: < 4.6.16+git.248.c833312e640-3.58.1
- (no CPE)range: < 4.9.5+git.383.7b7f8f14df8-3.47.1
- (no CPE)range: < 4.13.3+git.181.fc4672a5b81-3.3.1
- (no CPE)range: < 4.4.2-38.39.1
- (no CPE)range: < 4.6.16+git.248.c833312e640-3.58.1
- (no CPE)range: < 4.6.16+git.248.c833312e640-3.58.1
- (no CPE)range: < 4.10.18+git.219.1d732314d96-3.20.1
- (no CPE)range: < 4.7.11+git.280.25dfd9a947d-4.51.1
- (no CPE)range: < 4.9.5+git.383.7b7f8f14df8-3.47.1
- (no CPE)range: < 4.11.14+git.202.344b137b75d-4.14.1
- (no CPE)range: < 4.7.11+git.280.25dfd9a947d-4.51.1
- (no CPE)range: < 4.7.11+git.280.25dfd9a947d-4.51.1
- (no CPE)range: < 4.9.5+git.383.7b7f8f14df8-3.47.1
- (no CPE)range: < 4.11.14+git.202.344b137b75d-4.14.1
- (no CPE)range: < 4.9.5+git.383.7b7f8f14df8-3.47.1
- (no CPE)range: < 4.11.14+git.202.344b137b75d-4.14.1
- (no CPE)range: < 3.6.3-94.31.1
- (no CPE)range: < 3.6.3-94.31.1
- (no CPE)range: < 4.4.2-38.39.1
- (no CPE)range: < 4.4.2-38.39.1
- (no CPE)range: < 4.6.16+git.248.c833312e640-3.58.1
- (no CPE)range: < 4.6.16+git.248.c833312e640-3.58.1
- (no CPE)range: < 4.6.16+git.248.c833312e640-3.58.1
- (no CPE)range: < 4.10.18+git.219.1d732314d96-3.20.1
- (no CPE)range: < 4.7.11+git.280.25dfd9a947d-4.51.1
- (no CPE)range: < 4.4.2-38.39.1
- (no CPE)range: < 4.6.16+git.248.c833312e640-3.58.1
- (no CPE)range: < 4.6.16+git.248.c833312e640-3.58.1
- (no CPE)range: < 4.10.18+git.219.1d732314d96-3.20.1
- (no CPE)range: < 4.7.11+git.280.25dfd9a947d-4.51.1
- (no CPE)range: < 4.10.18+git.219.1d732314d96-3.20.1
- (no CPE)range: < 4.4.2-38.39.1
- (no CPE)range: < 4.6.16+git.248.c833312e640-3.58.1
- (no CPE)range: < 4.6.16+git.248.c833312e640-3.58.1
- (no CPE)range: < 4.6.16+git.248.c833312e640-3.58.1
- (no CPE)range: < 4.6.16+git.248.c833312e640-3.58.1
- (no CPE)range: < 3.6.3-94.31.1
- (no CPE)range: < 3.6.3-94.31.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.htmlmitrevendor-advisory
lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.htmlmitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB/mitrevendor-advisory
security.gentoo.org/glsa/202012-24mitrevendor-advisory
lists.debian.org/debian-lts-announce/2020/11/msg00041.htmlmitremailing-list
lists.debian.org/debian-lts-announce/2024/04/msg00015.htmlmitremailing-list
bugzilla.redhat.com/show_bug.cgimitre
security.netapp.com/advisory/ntap-20201103-0001/mitre
www.samba.org/samba/security/CVE-2020-14323.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000