CVE-2020-14303

Published: 06 July 2020

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
samba
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla)
Released (2:4.12.5+dfsg-3ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (2:4.11.6+dfsg-0ubuntu1.4)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2:4.7.6+dfsg~ubuntu-0ubuntu2.18)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (2:4.3.11+dfsg-0ubuntu0.16.04.29)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2:4.3.11+dfsg-0ubuntu0.14.04.20+esm8)
Ubuntu 12.04 ESM (Precise Pangolin)
Released (2:3.6.25-0ubuntu0.12.04.21)
Patches:
Upstream: https://github.com/samba-team/samba/commit/3cc0f1eeda5f133532dda31eef9fc1b394127e50