CVE-2020-10704

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Published: May 6, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-10704
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-674

Affected Software
References

Software	From	Fixed in
samba / samba	4.12.0	4.12.2
samba / samba	4.11.0	4.11.8
samba / samba	4.0.0	4.10.15
fedoraproject / fedora	30	30.x
fedoraproject / fedora	31	31.x
opensuse / leap	15.2	15.2.x
debian / debian_linux	9.0	9.0.x

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10704
https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/
https://lists.fedoraproject.org/archives/list/[email protected]/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/
https://security.gentoo.org/glsa/202007-15
https://www.samba.org/samba/security/CVE-2020-10704.html

Vulnerability Database

289,599

CVE-2020-10704