Home

CVE-2020-10700

Description

A use-after-free flaw was found in the way samba AD DC LDAP servers, handled Paged Results control is combined with the ASQ control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
2.857

Associated Vulnerability

VulnerabilityOS Platform
SMB/CIFS file, print, and login server for Unix (USN-4341-1) samba_4.10.7+dfsg-0ubuntu2.5_i386.debLinux
SMB/CIFS file, print, and login server for Unix (USN-4341-1) samba_4.10.7+dfsg-0ubuntu2.5_amd64.debLinux
SMB/CIFS file, print, and login server for Unix (USN-4341-1) samba_4.11.6+dfsg-0ubuntu1.1_amd64.debLinux
SMB/CIFS file, print, and login server for Unix (USN-4341-1) samba_4.3.11+dfsg-0ubuntu0.16.04.26_i386.debLinux
SMB/CIFS file, print, and login server for Unix (USN-4341-1) samba_4.3.11+dfsg-0ubuntu0.16.04.26_amd64.debLinux
SMB/CIFS file, print, and login server for Unix (USN-4341-1) samba_4.7.6+dfsg~ubuntu-0ubuntu2.16_i386.debLinux
SMB/CIFS file, print, and login server for Unix (USN-4341-1) samba_4.7.6+dfsg~ubuntu-0ubuntu2.16_amd64.debLinux
SUSE-SU-2020:2673-1(SUSE Linux Enterprise Server 12-SP5 ) ldb-debugsource-1.5.8-3.5.1.x86_64.rpmLinux
SUSE-SU-2020:2673-1(SUSE Linux Enterprise Server 12-SP5 ) ldb-tools-1.5.8-3.5.1.x86_64.rpmLinux
SUSE-SU-2020:2673-1(SUSE Linux Enterprise Server 12-SP5 ) ldb-tools-debuginfo-1.5.8-3.5.1.x86_64.rpmLinux
SUSE-SU-2020:2673-1(SUSE Linux Enterprise Server 12-SP5 ) libldb1-1.5.8-3.5.1.x86_64.rpmLinux
SUSE-SU-2020:2673-1(SUSE Linux Enterprise Server 12-SP5 ) libldb1-32bit-1.5.8-3.5.1.x86_64.rpmLinux
SUSE-SU-2020:2673-1(SUSE Linux Enterprise Server 12-SP5 ) libldb1-debuginfo-1.5.8-3.5.1.x86_64.rpmLinux
SUSE-SU-2020:2673-1(SUSE Linux Enterprise Server 12-SP5 ) libldb1-debuginfo-32bit-1.5.8-3.5.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234