Your submission was sent successfully! Close

CVE-2020-27840

Published: 24 March 2021

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.

Priority

High

CVSS 3 base score: 7.5

Status

Package Release Status
ldb
Launchpad, Ubuntu, Debian
bionic
Released (2:1.2.3-1ubuntu0.2)
focal
Released (2:2.0.10-0ubuntu0.20.04.3)
groovy
Released (2:2.1.4-2ubuntu0.1)
precise Does not exist

trusty
Released (1:1.1.24-0ubuntu0.14.04.2+esm1)
upstream Needs triage

xenial
Released (2:1.1.24-1ubuntu3.2)
samba
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not compiled)
focal Not vulnerable
(code not compiled)
groovy Not vulnerable
(code not compiled)
precise Not vulnerable
(code not compiled)
trusty Not vulnerable
(code not compiled)
upstream Needs triage

xenial Not vulnerable
(code not compiled)