CVE-2019-12436

Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.

Published: Jun 19, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-12436
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
samba / samba	4.10.0	4.10.5
canonical / ubuntu_linux	19.04	19.04.x

http://www.securityfocus.com/bid/108823
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZQ3LCJNJ3ONHIRKDSKOTT6QGXALLCHVG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ3LCJNJ3ONHIRKDSKOTT6QGXALLCHVG/
https://usn.ubuntu.com/4018-1/
https://www.samba.org/samba/security/CVE-2019-12436.html
https://www.synology.com/security/advisory/Synology_SA_19_27

Vulnerability Database

289,599

CVE-2019-12436