CVE-2020-10730
CVE-2020-10730 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A NULL pointer dereference or possible use-after-free flaw was found in the Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. EPSS estimates a 2.44% chance of exploitation in the next 30 days.
Description
A NULL pointer dereference or possible use-after-free flaw was found in the Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | >= 4.5.0, < 4.10.17 |
| Samba | Samba | >= 4.11.0, < 4.11.11 |
| Samba | Samba | >= 4.12.0, < 4.12.4 |
| Red Hat | Storage | 3.0 |
| openSUSE | Leap | 15.1 |
| openSUSE | Leap | 15.2 |
| Fedora Project | Fedora | 31 |
| Debian | Debian Linux | 9.0 |
| Debian | Debian Linux | 10.0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html (Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html (Issue Tracking, Third Party Advisory)
- https://security.gentoo.org/glsa/202007-15 (Third Party Advisory)
- https://www.debian.org/security/2021/dsa-4884 (Third Party Advisory)
- https://www.samba.org/samba/security/CVE-2020-10730.html (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
