Vulnerability CVE-2020-10730


Published: 2020-07-07

Description:
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.

Type:

CWE-476

(NULL Pointer Dereference)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Samba -> Samba 
Redhat -> Storage 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=1849489
;
https://www.samba.org/samba/security/CVE-2020-10730.html

Copyright 2024, cxsecurity.com

 

Back to Top