{"containers": {"cna": {"affected": [{"product": "samba", "vendor": "n/a", "versions": [{"status": "affected", "version": "Affects Samba 4.1 and newer."}]}], "descriptions": [{"lang": "en", "value": "MaxQueryDuration not honoured in Samba AD DC LDAP"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 - Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-23T15:50:25", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077533"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=14694"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393"}, {"url": "https://security.gentoo.org/glsa/202309-06"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:01:08.429Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077533"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=14694"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393"}, {"url": "https://security.gentoo.org/glsa/202309-06", "tags": ["x_transferred"]}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3670", "datePublished": "2022-08-23T15:50:25", "dateReserved": "2021-07-30T00:00:00", "dateUpdated": "2024-08-03T17:01:08.429Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED3DD507-0A0D-4BB9-8789-FB6BBCDEB506", "versionStartIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "379A5883-F6DF-41F5-9403-8D17F6605737", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MaxQueryDuration not honoured in Samba AD DC LDAP"}, {"lang": "es", "value": "MaxQueryDuration no es cumplido en Samba AD DC LDAP"}], "id": "CVE-2021-3670", "lastModified": "2023-09-17T09:15:09.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-23T16:15:09.393", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077533"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=14694"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202309-06"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "samba: MaxQueryDuration not honoured in Samba AD DC LDAP", "id": "2077533", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077533"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400->CWE-770", "details": ["MaxQueryDuration not honoured in Samba AD DC LDAP"], "name": "CVE-2021-3670", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "samba", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Virtualization 4"}], "public_date": "2022-04-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3670\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3670"], "statement": "Versions of samba shipped in Red Hat Enterprise Linux are not affected because the Samba AD is not shipped with our binary RPMs, only its source code is present in our code base.\nRed Hat Enterprise Virtualization 4 consumes RHEL-8 samba, and as RHEL-8 is not affected, Hence, RHEV is also not affected.", "threat_severity": "Moderate"}