{"containers": {"cna": {"affected": [{"product": "Samba", "vendor": "n/a", "versions": [{"status": "affected", "version": "All Samba versions before 4.10.17, before 4.11.11 and before 4.12.4"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability."}], "problemTypes": [{"descriptions": [{"description": "Use After Free", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-02T15:06:19", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849489%3B"}, {"tags": ["x_refsource_MISC"], "url": "https://www.samba.org/samba/security/CVE-2020-10730.html"}, {"name": "FEDORA-2020-5131d30947", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/"}, {"name": "openSUSE-SU-2020:0984", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html"}, {"name": "openSUSE-SU-2020:1023", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html"}, {"name": "GLSA-202007-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202007-15"}, {"name": "openSUSE-SU-2020:1121", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html"}, {"name": "openSUSE-SU-2020:1313", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html"}, {"name": "[debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html"}, {"name": "DSA-4884", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4884"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10730", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Samba", "version": {"version_data": [{"version_value": "All Samba versions before 4.10.17, before 4.11.11 and before 4.12.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use After Free"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1849489;", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849489;"}, {"name": "https://www.samba.org/samba/security/CVE-2020-10730.html", "refsource": "MISC", "url": "https://www.samba.org/samba/security/CVE-2020-10730.html"}, {"name": "FEDORA-2020-5131d30947", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/"}, {"name": "openSUSE-SU-2020:0984", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html"}, {"name": "openSUSE-SU-2020:1023", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html"}, {"name": "GLSA-202007-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-15"}, {"name": "openSUSE-SU-2020:1121", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html"}, {"name": "openSUSE-SU-2020:1313", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html"}, {"name": "[debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html"}, {"name": "DSA-4884", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4884"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:14:14.217Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849489%3B"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.samba.org/samba/security/CVE-2020-10730.html"}, {"name": "FEDORA-2020-5131d30947", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/"}, {"name": "openSUSE-SU-2020:0984", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html"}, {"name": "openSUSE-SU-2020:1023", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html"}, {"name": "GLSA-202007-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202007-15"}, {"name": "openSUSE-SU-2020:1121", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html"}, {"name": "openSUSE-SU-2020:1313", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html"}, {"name": "[debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html"}, {"name": "DSA-4884", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4884"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10730", "datePublished": "2020-07-07T13:38:04", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:14:14.217Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFE2F478-6A74-4D4A-A914-F1B29CB8620F", "versionEndExcluding": "4.10.17", "versionStartIncluding": "4.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE656EC4-DE4C-4921-A22D-88C9CEDFFECB", "versionEndExcluding": "4.11.11", "versionStartIncluding": "4.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D8FF3AF-B703-4021-8156-3D767FA10B8E", "versionEndExcluding": "4.12.4", "versionStartIncluding": "4.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "379A5883-F6DF-41F5-9403-8D17F6605737", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability."}, {"lang": "es", "value": "Se encontr\u00f3 una desreferencia del puntero NULL, o un posible fallo de uso de la memoria previamente liberada en el servidor LDAP de Samba AD en versiones anteriores a 4.10.17, anteriores a 4.11.11 y anteriores a 4.12.4. Aunque algunas versiones de Samba incluidas con Red Hat Enterprise Linux no son compatibles con Samba en modo AD, el c\u00f3digo afectado se incluye con el paquete libldb. Este fallo permite a un usuario autenticado desencadenar posiblemente una desreferencia del puntero NULL o un uso de la memoria previamente liberada. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"}], "id": "CVE-2020-10730", "lastModified": "2024-11-21T04:55:56.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-07T14:15:10.927", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849489%3B"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202007-15"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4884"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2020-10730.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849489%3B"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202007-15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2020-10730.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}, {"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Andrew Bartlett as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:4568", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "libldb-0:2.1.3-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:3118", "cpe": "cpe:/a:redhat:storage:3.5:samba:el7", "impact": "low", "package": "samba-0:4.11.6-107.el7rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 7", "release_date": "2020-07-23T00:00:00Z"}, {"advisory": "RHSA-2020:3119", "cpe": "cpe:/a:redhat:storage:3.5:samba:el8", "impact": "low", "package": "samba-0:4.11.6-107.el8rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 8", "release_date": "2020-07-23T00:00:00Z"}], "bugzilla": {"description": "samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results", "id": "1849489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849489"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.", "A NULL pointer dereference, or possible use-after-free flaw was found in the Samba AD LDAP server. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability."], "name": "CVE-2020-10730", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "libldb", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libldb", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "libldb", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2020-07-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10730\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10730\nhttps://www.samba.org/samba/security/CVE-2020-10730.html"], "statement": "The version of samba shipped with Red Hat Gluster Storage 3 is built with a private copy of ldb which includes the vulnerable code. However, samba shipped with RHGS 3 is not supported for use as an AD DC and hence this issue has been rated as having a security impact of Low.", "threat_severity": "Moderate", "upstream_fix": "samba 4.10.17, samba 4.11.11, samba 4.12.4"}