A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.
                
            Metrics
Affected Vendors & Products
Advisories
    | Source | ID | Title | 
|---|---|---|
|  Debian DLA | DLA-2668-1 | samba security update | 
|  EUVD | EUVD-2021-7692 | A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. | 
|  Ubuntu USN | USN-4930-1 | Samba vulnerability | 
|  Ubuntu USN | USN-4931-1 | Samba vulnerabilities | 
Fixes
    Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
        History
                    Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss 
 | epss 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-03T17:37:23.017Z
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20254
 Vulnrichment
                        Vulnrichment
                    No data.
 NVD
                        NVD
                    Status : Modified
Published: 2021-05-05T14:15:07.883
Modified: 2024-11-21T05:46:13.203
Link: CVE-2021-20254
 Redhat
                        Redhat
                     OpenCVE Enrichment
                        OpenCVE Enrichment
                    No data.