CVE-2020-10730

Priority
Description
A NULL pointer dereference or possible use-after-free flaw was found in
the Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before
4.12.4. Although some versions of Samba shipped with Red Hat Enterprise
Linux do not support Samba in AD mode, the affected code is shipped with
the libldb package. This flaw allows an authenticated user to possibly
trigger a use-after-free or NULL pointer dereference. The highest threat
from this vulnerability is to system availability.
Assigned-to
mdeslaur
Notes
mdeslaur: introduced in 4.5
Package
Source: samba (LP Ubuntu Debian)
Upstream: released (4.10.17, 4.11.10, 4.12.4)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): released (2:4.7.6+dfsg~ubuntu-0ubuntu2.17)
Ubuntu 20.04 LTS (Focal Fossa): released (2:4.11.6+dfsg-0ubuntu1.3)
Ubuntu 20.10 (Groovy Gorilla): released (2:4.12.5+dfsg-3ubuntu1)

Updated: 2020-08-07 18:15:18 UTC (commit 607dac16ae61b85277cca6bdfd72ba01ce7af515)