Vulnerability Details CVE-2020-10700
A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.029
EPSS Ranking 85.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 2.6
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10700
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WG54NRMES2GTURZKZH6H4BGXCD3OMJDJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/
- https://security.gentoo.org/glsa/202007-15
- https://www.samba.org/samba/security/CVE-2020-10700.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10700
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WG54NRMES2GTURZKZH6H4BGXCD3OMJDJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/
- https://security.gentoo.org/glsa/202007-15
- https://www.samba.org/samba/security/CVE-2020-10700.html
Products affected by CVE-2020-10700
-
cpe:2.3:a:samba:samba:4.10.0
-
cpe:2.3:a:samba:samba:4.10.1
-
cpe:2.3:a:samba:samba:4.10.10
-
cpe:2.3:a:samba:samba:4.10.11
-
cpe:2.3:a:samba:samba:4.10.12
-
cpe:2.3:a:samba:samba:4.10.13
-
cpe:2.3:a:samba:samba:4.10.14
-
cpe:2.3:a:samba:samba:4.10.2
-
cpe:2.3:a:samba:samba:4.10.3
-
cpe:2.3:a:samba:samba:4.10.4
-
cpe:2.3:a:samba:samba:4.10.5
-
cpe:2.3:a:samba:samba:4.10.8
-
cpe:2.3:a:samba:samba:4.10.9
-
cpe:2.3:a:samba:samba:4.11.0
-
cpe:2.3:a:samba:samba:4.11.1
-
cpe:2.3:a:samba:samba:4.11.2
-
cpe:2.3:a:samba:samba:4.11.3
-
cpe:2.3:a:samba:samba:4.11.4
-
cpe:2.3:a:samba:samba:4.11.5
-
cpe:2.3:a:samba:samba:4.11.6
-
cpe:2.3:a:samba:samba:4.11.7
-
cpe:2.3:a:samba:samba:4.12.0
-
cpe:2.3:a:samba:samba:4.12.1
-
cpe:2.3:o:fedoraproject:fedora:30
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:opensuse:leap:15.2