CVE-2021-20277

Published: 24 March 2021

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

Notes

Author: mdeslaur
Note: This issue is actually in the ldb package, the samba package uses the system ldb library, not the included one
Priority

High

CVSS 3 base score: 7.1

Status

Package: ldb (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (2:1.2.3-1ubuntu0.2)
focal      Released (2:2.0.10-0ubuntu0.20.04.3)
groovy     Released (2:2.1.4-2ubuntu0.1)
precise    Does not exist
trusty     Released (1:1.1.24-0ubuntu0.14.04.2+esm1)
upstream   Needs triage
xenial     Released (2:1.1.24-1ubuntu3.2)

Patches:
upstream: https://bugzilla.samba.org/attachment.cgi?id=16525 (master)
upstream: https://bugzilla.samba.org/attachment.cgi?id=16527 (4.13)
upstream: https://bugzilla.samba.org/attachment.cgi?id=16528 (4.12)

Package: samba (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Not vulnerable (code not compiled)
focal      Not vulnerable (code not compiled)
groovy     Not vulnerable (code not compiled)
precise    Not vulnerable (code not compiled)
trusty     Not vulnerable (code not compiled)
upstream   Needs triage
xenial     Not vulnerable (code not compiled)

Patches:
upstream: https://bugzilla.samba.org/attachment.cgi?id=16525 (master)
upstream: https://bugzilla.samba.org/attachment.cgi?id=16527 (4.13)
upstream: https://bugzilla.samba.org/attachment.cgi?id=16528 (4.12)