CVE-2020-10700

2020-05-0421:15:00

Debian Security Bug Tracker

security-tracker.debian.org

0.004 Low

EPSS

Percentile

73.4%

JSON

A use-after-free flaw was found in the way samba AD DC LDAP servers, handled ‘Paged Results’ control is combined with the ‘ASQ’ control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

OSVersionArchitecturePackageVersionFilename
Debian12allsamba< 2:4.12.3+dfsg-2samba_2:4.12.3+dfsg-2_all.deb
Debian11allsamba< 2:4.12.3+dfsg-2samba_2:4.12.3+dfsg-2_all.deb
Debian10allsamba< 2:4.9.5+dfsg-5+deb10u3samba_2:4.9.5+dfsg-5+deb10u3_all.deb
Debian999allsamba< 2:4.12.3+dfsg-2samba_2:4.12.3+dfsg-2_all.deb
Debian13allsamba< 2:4.12.3+dfsg-2samba_2:4.12.3+dfsg-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	samba	< 2:4.12.3+dfsg-2	samba_2:4.12.3+dfsg-2_all.deb
Debian	11	all	samba	< 2:4.12.3+dfsg-2	samba_2:4.12.3+dfsg-2_all.deb
Debian	10	all	samba	< 2:4.9.5+dfsg-5+deb10u3	samba_2:4.9.5+dfsg-5+deb10u3_all.deb
Debian	999	all	samba	< 2:4.12.3+dfsg-2	samba_2:4.12.3+dfsg-2_all.deb
Debian	13	all	samba	< 2:4.12.3+dfsg-2	samba_2:4.12.3+dfsg-2_all.deb