CVE-2020-14323
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
29/10/2020
Last modified:
03/07/2024
Description
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 3.6.0 (including) | 4.11.15 (excluding) |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 4.12.0 (including) | 4.12.9 (excluding) |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 4.13.0 (including) | 4.13.1 (excluding) |
| cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1891685
- https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB/
- https://security.gentoo.org/glsa/202012-24
- https://security.netapp.com/advisory/ntap-20201103-0001/
- https://www.samba.org/samba/security/CVE-2020-14323.html