CVE-2021-20277

Description

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

Related CPE's

asambasamba********

asambasamba********

asambasamba********

odebiandebian_linux9.0*******

odebiandebian_linux10.0*******

ofedoraprojectfedora32*******

ofedoraprojectfedora33*******

ofedoraprojectfedora34*******

References

[debian-lts-announce] 20210331 [SECURITY] [DLA 2611-1] ldb security update

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1941402

Issue TrackingThird Party Advisory

https://www.samba.org/samba/security/CVE-2021-20277.html

Vendor Advisory

https://security.netapp.com/advisory/ntap-20210326-0007/

Third Party Advisory

FEDORA-2021-1a8e93a285

Mailing ListThird Party Advisory

FEDORA-2021-c93a3a5d3f

Mailing ListThird Party Advisory

DSA-4884

Third Party Advisory

FEDORA-2021-c2d8628d33

Mailing ListThird Party Advisory

GLSA-202105-22

Third Party Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

7.5

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

PARTIAL

IntegrityImpact

NONE

BaseScore

5

VectorString

AV:N/AC:L/Au:N/C:N/I:N/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io