{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-20251", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T17:37:23.406Z", "dateReserved": "2020-12-17T00:00:00", "datePublished": "2023-03-06T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-17T08:06:39.991907"}, "descriptions": [{"lang": "en", "value": "A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met."}], "affected": [{"vendor": "n/a", "product": "samba", "versions": [{"version": "Samba 4.1 and newer", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929800"}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=14611"}, {"url": "https://security.netapp.com/advisory/ntap-20230331-0005/"}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-06"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-362", "cweId": "CWE-362"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:37:23.406Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929800", "tags": ["x_transferred"]}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=14611", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230331-0005/", "tags": ["x_transferred"]}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202309-06"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "117BD99B-5201-47C9-8A0C-99C23BAACE76", "versionEndExcluding": "4.16.8", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "96E911B3-B4DD-451C-9579-74559328F89F", "versionEndExcluding": "4.17.4", "versionStartIncluding": "4.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met."}, {"lang": "es", "value": "Se ha encontrado un fallo en samba. Una condici\u00f3n de ejecuci\u00f3n en el c\u00f3digo de bloqueo de contrase\u00f1as puede conllevar el riesgo de que los ataques de fuerza bruta tengan \u00e9xito si se cumplen unas condiciones especiales."}], "id": "CVE-2021-20251", "lastModified": "2023-09-17T09:15:09.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-06T23:15:10.387", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929800"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=14611"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202309-06"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230331-0005/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "samba: Race condition in the bad password lockout code", "id": "1929800", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929800"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-362", "details": ["A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.", "A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met."], "name": "CVE-2021-20251", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Under investigation", "package_name": "samba", "product_name": "Red Hat Storage 3"}], "public_date": "2021-02-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-20251\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20251"], "threat_severity": "Low"}