AZL-36999 CVE-2021-20254 affecting package samba for versions less than 4.18.3-1

🗓️ 05 May 2021 14:15:07Reported by GoogleType

osv

osv🔗 osv.dev

Samba prior to 4.18.3-1: SID to GID mapping may read past array end, risking confidentiality.

Reporter	Title	Published	Views	Family All 195
IBM Security Bulletins	Security Bulletin: Multiple Samba vulnerability issues in IBM Storwize V7000 Unified	14 Oct 202116:55	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-20254)	6 Dec 202114:13	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Samba, OpenSSL, Python, and XStream affect IBM Spectrum Protect Plus (CVE-2021-20254, CVE-2021-3712, CVE-2021-43859, CVE-2022-0778, CVE-2020-25717, CVE-2021-23192, CVE-2021-3733)	30 Jun 202203:51	–	ibm
IBM Security Bulletins	Security Bulletin: Samba for IBM i is affected by CVE-2021-20254	13 May 202114:26	–	ibm
FreeBSD	samba -- negative idmap cache entries vulnerability	29 Apr 202100:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : samba (ALAS-2021-1680)	1 Jul 202100:00	–	nessus
Tenable Nessus	Amazon Linux AMI : samba (ALAS-2022-1564)	19 Feb 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0077: samba (ALINUX3-SA-2021:0077)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : samba (ALSA-2021:4058)	9 Feb 202200:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: samba (CVE-2021-20254)	22 Jan 202600:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-20254

21 Apr 2026 04:25Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.16.8

EPSS0.01764

Samba Windows security identifiers Unix group identifiers mapping cache negative cache entry data confidentiality data integrity