CVE-2020-10700

Description

A use-after-free flaw was found in the way Samba AD DC LDAP servers handled the 'Paged Results' control when it is combined with the 'ASQ' control. A malicious user in a Samba AD could use this flaw to cause a denial of service. This issue affects all Samba versions before 4.10.15, before 4.11.8 and before 4.12.2.


CvssV3 impact

Version: 3.1
VectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
AttackVector: NETWORK
AttackComplexity: HIGH
PrivilegesRequired: NONE
UserInteraction: REQUIRED
Scope: UNCHANGED
ConfidentialityImpact: NONE
IntegrityImpact: NONE
AvailabilityImpact: HIGH
BaseScore: 5.3
BaseSeverity: MEDIUM

CvssV2 impact

Version: 2.0
VectorString: AV:N/AC:H/Au:N/C:N/I:N/A:P
AccessVector: NETWORK
AccessComplexity: HIGH
Authentication: NONE
ConfidentialityImpact: NONE
IntegrityImpact: NONE
AvailabilityImpact: PARTIAL
BaseScore: 2.6