Vulnerability-Lookup

CVE-2021-20277 (GCVE-0-2021-20277)

Vulnerability from cvelistv5 – Published: 2021-05-12 13:54 – Updated: 2024-08-03 17:37

Summary

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

Severity ?

No CVSS data available.

CWE

CWE-125

Assigner

redhat

References

9 references

URL	Tags
https://security.netapp.com/advisory/ntap-2021032…	x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2021/dsa-4884	vendor-advisoryx_refsource_DEBIAN
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=1941402	x_refsource_MISC
https://www.samba.org/samba/security/CVE-2021-202…	x_refsource_MISC
https://security.gentoo.org/glsa/202105-22	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
n/a	samba	Affected: samba 4.14.1, samba 4.13.6, samba 4.12.13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:24.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210326-0007/"
          },
          {
            "name": "FEDORA-2021-c2d8628d33",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/"
          },
          {
            "name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2611-1] ldb security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html"
          },
          {
            "name": "DSA-4884",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4884"
          },
          {
            "name": "FEDORA-2021-1a8e93a285",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/"
          },
          {
            "name": "FEDORA-2021-c93a3a5d3f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2021-20277.html"
          },
          {
            "name": "GLSA-202105-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202105-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "samba 4.14.1, samba 4.13.6, samba 4.12.13"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Samba\u0027s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T11:08:41.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210326-0007/"
        },
        {
          "name": "FEDORA-2021-c2d8628d33",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/"
        },
        {
          "name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2611-1] ldb security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html"
        },
        {
          "name": "DSA-4884",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4884"
        },
        {
          "name": "FEDORA-2021-1a8e93a285",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/"
        },
        {
          "name": "FEDORA-2021-c93a3a5d3f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.samba.org/samba/security/CVE-2021-20277.html"
        },
        {
          "name": "GLSA-202105-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202105-22"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-20277",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "samba",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "samba 4.14.1, samba 4.13.6, samba 4.12.13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in Samba\u0027s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.netapp.com/advisory/ntap-20210326-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210326-0007/"
            },
            {
              "name": "FEDORA-2021-c2d8628d33",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/"
            },
            {
              "name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2611-1] ldb security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html"
            },
            {
              "name": "DSA-4884",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4884"
            },
            {
              "name": "FEDORA-2021-1a8e93a285",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/"
            },
            {
              "name": "FEDORA-2021-c93a3a5d3f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402"
            },
            {
              "name": "https://www.samba.org/samba/security/CVE-2021-20277.html",
              "refsource": "MISC",
              "url": "https://www.samba.org/samba/security/CVE-2021-20277.html"
            },
            {
              "name": "GLSA-202105-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202105-22"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20277",
    "datePublished": "2021-05-12T13:54:05.000Z",
    "dateReserved": "2020-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:37:24.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-20277",
      "date": "2026-05-24",
      "epss": "0.08492",
      "percentile": "0.92467"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0\", \"versionEndExcluding\": \"4.12.13\", \"matchCriteriaId\": \"F2EE6834-8738-446C-BD67-B1D69AD8DFAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.13.0\", \"versionEndExcluding\": \"4.13.6\", \"matchCriteriaId\": \"54588EC1-AE17-47FD-AFB7-70AB43A49515\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.14.0\", \"versionEndExcluding\": \"4.14.1\", \"matchCriteriaId\": \"4B8145B4-A320-40A3-A24B-3DE0A0170639\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in Samba\u0027s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un fallo en libldb de Samba. M\\u00faltiples espacios iniciales consecutivos en un atributo LDAP pueden conllevar a una escritura de memoria fuera de los l\\u00edmites, conllevando a un bloqueo del proceso del servidor LDAP que maneja la petici\\u00f3n. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema\"}]",
      "id": "CVE-2021-20277",
      "lastModified": "2024-11-21T05:46:16.007",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-05-12T14:15:11.140",
      "references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1941402\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://security.gentoo.org/glsa/202105-22\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210326-0007/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4884\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.samba.org/samba/security/CVE-2021-20277.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1941402\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202105-22\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210326-0007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4884\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.samba.org/samba/security/CVE-2021-20277.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-20277\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-05-12T14:15:11.140\",\"lastModified\":\"2024-11-21T05:46:16.007\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Samba\u0027s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en libldb de Samba. M\u00faltiples espacios iniciales consecutivos en un atributo LDAP pueden conllevar a una escritura de memoria fuera de los l\u00edmites, conllevando a un bloqueo del proceso del servidor LDAP que maneja la petici\u00f3n. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.12.13\",\"matchCriteriaId\":\"F2EE6834-8738-446C-BD67-B1D69AD8DFAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.13.0\",\"versionEndExcluding\":\"4.13.6\",\"matchCriteriaId\":\"54588EC1-AE17-47FD-AFB7-70AB43A49515\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.14.0\",\"versionEndExcluding\":\"4.14.1\",\"matchCriteriaId\":\"4B8145B4-A320-40A3-A24B-3DE0A0170639\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1941402\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202105-22\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210326-0007/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4884\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.samba.org/samba/security/CVE-2021-20277.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1941402\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202105-22\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210326-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4884\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.samba.org/samba/security/CVE-2021-20277.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2021-AVI-218

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans le serveur LDAP de Samba lorsqu'il est utilisé comme contrôleur de domaine Active Directory. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Samba versions 4.14.x antérieures à 4.14.1
Samba versions 4.13.x antérieures à 4.13.6
Samba versions 4.12.x antérieures à 4.12.13

Des versions 4.14.2, 4.13.7 et 4.12.14 ont également été publiées pour prendre en compte une dépendance avec le moteur de base de données LDB en version 2.3.0.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Samba CVE-2020-27840 du 24 mars 2021	None	vendor-advisory
Bulletin de sécurité Samba CVE-2021-20277 du 24 mars 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eSamba versions 4.14.x ant\u00e9rieures \u00e0 4.14.1\u003c/li\u003e \u003cli\u003eSamba versions 4.13.x ant\u00e9rieures \u00e0 4.13.6\u003c/li\u003e \u003cli\u003eSamba versions 4.12.x ant\u00e9rieures \u00e0 4.12.13\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eDes versions 4.14.2, 4.13.7 et 4.12.14 ont \u00e9galement \u00e9t\u00e9 publi\u00e9es pour prendre en compte une d\u00e9pendance avec le moteur de base de donn\u00e9es LDB en version 2.3.0.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27840"
    },
    {
      "name": "CVE-2021-20277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20277"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-218",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le serveur LDAP de\nSamba lorsqu\u0027il est utilis\u00e9 comme contr\u00f4leur de domaine Active\nDirectory. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le serveur LDAP de Samba",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Samba CVE-2020-27840 du 24 mars 2021",
      "url": "https://www.samba.org/samba/security/CVE-2020-27840.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Samba CVE-2021-20277 du 24 mars 2021",
      "url": "https://www.samba.org/samba/security/CVE-2021-20277.html"
    }
  ]
}

CERTFR-2021-AVI-638

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Juniper Junos Space. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos Space	Junos Space versions antérieures à 21.2R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11206 du 17 août 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 21.2R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-25013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
    },
    {
      "name": "CVE-2021-25215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25215"
    },
    {
      "name": "CVE-2020-16092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16092"
    },
    {
      "name": "CVE-2021-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
    },
    {
      "name": "CVE-2020-29661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
    },
    {
      "name": "CVE-2020-15862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15862"
    },
    {
      "name": "CVE-2020-13765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13765"
    },
    {
      "name": "CVE-2021-20305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20305"
    },
    {
      "name": "CVE-2020-1472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1472"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2021-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
    },
    {
      "name": "CVE-2020-10878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
    },
    {
      "name": "CVE-2019-19532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
    },
    {
      "name": "CVE-2021-27364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
    },
    {
      "name": "CVE-2020-14318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14318"
    },
    {
      "name": "CVE-2021-27365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
    },
    {
      "name": "CVE-2020-10029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
    },
    {
      "name": "CVE-2020-25705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
    },
    {
      "name": "CVE-2021-26937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26937"
    },
    {
      "name": "CVE-2021-27803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27803"
    },
    {
      "name": "CVE-2020-10543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
    },
    {
      "name": "CVE-2020-12723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12723"
    },
    {
      "name": "CVE-2021-20277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20277"
    },
    {
      "name": "CVE-2020-25656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
    },
    {
      "name": "CVE-2020-29573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
    },
    {
      "name": "CVE-2021-20265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20265"
    },
    {
      "name": "CVE-2020-25211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
    },
    {
      "name": "CVE-2020-14364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
    },
    {
      "name": "CVE-2020-28374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28374"
    },
    {
      "name": "CVE-2020-7053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
    },
    {
      "name": "CVE-2020-14351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
    },
    {
      "name": "CVE-2020-14323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14323"
    },
    {
      "name": "CVE-2020-25645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
    },
    {
      "name": "CVE-2020-1983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
    },
    {
      "name": "CVE-2020-0427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-638",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-08-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Junos\nSpace. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Junos Space",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11206 du 17 ao\u00fbt 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11206\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2021-AVI-218

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Samba versions 4.14.x antérieures à 4.14.1
Samba versions 4.13.x antérieures à 4.13.6
Samba versions 4.12.x antérieures à 4.12.13

Des versions 4.14.2, 4.13.7 et 4.12.14 ont également été publiées pour prendre en compte une dépendance avec le moteur de base de données LDB en version 2.3.0.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Samba CVE-2020-27840 du 24 mars 2021	None	vendor-advisory
Bulletin de sécurité Samba CVE-2021-20277 du 24 mars 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eSamba versions 4.14.x ant\u00e9rieures \u00e0 4.14.1\u003c/li\u003e \u003cli\u003eSamba versions 4.13.x ant\u00e9rieures \u00e0 4.13.6\u003c/li\u003e \u003cli\u003eSamba versions 4.12.x ant\u00e9rieures \u00e0 4.12.13\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eDes versions 4.14.2, 4.13.7 et 4.12.14 ont \u00e9galement \u00e9t\u00e9 publi\u00e9es pour prendre en compte une d\u00e9pendance avec le moteur de base de donn\u00e9es LDB en version 2.3.0.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27840"
    },
    {
      "name": "CVE-2021-20277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20277"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-218",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le serveur LDAP de\nSamba lorsqu\u0027il est utilis\u00e9 comme contr\u00f4leur de domaine Active\nDirectory. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le serveur LDAP de Samba",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Samba CVE-2020-27840 du 24 mars 2021",
      "url": "https://www.samba.org/samba/security/CVE-2020-27840.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Samba CVE-2021-20277 du 24 mars 2021",
      "url": "https://www.samba.org/samba/security/CVE-2021-20277.html"
    }
  ]
}

CERTFR-2021-AVI-638

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos Space	Junos Space versions antérieures à 21.2R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11206 du 17 août 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 21.2R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-25013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
    },
    {
      "name": "CVE-2021-25215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25215"
    },
    {
      "name": "CVE-2020-16092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16092"
    },
    {
      "name": "CVE-2021-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
    },
    {
      "name": "CVE-2020-29661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
    },
    {
      "name": "CVE-2020-15862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15862"
    },
    {
      "name": "CVE-2020-13765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13765"
    },
    {
      "name": "CVE-2021-20305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20305"
    },
    {
      "name": "CVE-2020-1472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1472"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2021-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
    },
    {
      "name": "CVE-2020-10878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
    },
    {
      "name": "CVE-2019-19532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
    },
    {
      "name": "CVE-2021-27364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
    },
    {
      "name": "CVE-2020-14318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14318"
    },
    {
      "name": "CVE-2021-27365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
    },
    {
      "name": "CVE-2020-10029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
    },
    {
      "name": "CVE-2020-25705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
    },
    {
      "name": "CVE-2021-26937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26937"
    },
    {
      "name": "CVE-2021-27803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27803"
    },
    {
      "name": "CVE-2020-10543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
    },
    {
      "name": "CVE-2020-12723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12723"
    },
    {
      "name": "CVE-2021-20277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20277"
    },
    {
      "name": "CVE-2020-25656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
    },
    {
      "name": "CVE-2020-29573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
    },
    {
      "name": "CVE-2021-20265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20265"
    },
    {
      "name": "CVE-2020-25211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
    },
    {
      "name": "CVE-2020-14364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
    },
    {
      "name": "CVE-2020-28374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28374"
    },
    {
      "name": "CVE-2020-7053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
    },
    {
      "name": "CVE-2020-14351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
    },
    {
      "name": "CVE-2020-14323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14323"
    },
    {
      "name": "CVE-2020-25645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
    },
    {
      "name": "CVE-2020-1983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
    },
    {
      "name": "CVE-2020-0427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-638",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-08-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Junos\nSpace. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Junos Space",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11206 du 17 ao\u00fbt 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11206\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CNVD-2021-28711

Vulnerability from cnvd - Published: 2021-04-15

Title

Samba拒绝服务漏洞（CNVD-2021-28711）

Description

Samba是Samba团队的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。 Samba存在安全漏洞，攻击者可利用该漏洞可以通过AD DC LDAP Server强制读取无效地址，以触发拒绝服务，或获取敏感信息。

Severity

高

Patch Name

Samba拒绝服务漏洞（CNVD-2021-28711）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.samba.org/samba/security/CVE-2021-20277.html

Reference

https://vigilance.fr/vulnerability/Samba-out-of-bounds-memory-reading-via-AD-DC-LDAP-Server-34931

Impacted products

Name
Samba Samba null

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-20277",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-20277"
    }
  },
  "description": "Samba\u662fSamba\u56e2\u961f\u7684\u4e00\u5957\u53ef\u4f7fUNIX\u7cfb\u5217\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e0e\u5fae\u8f6fWindows\u64cd\u4f5c\u7cfb\u7edf\u7684SMB/CIFS\u7f51\u7edc\u534f\u8bae\u505a\u8fde\u7ed3\u7684\u81ea\u7531\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u5171\u4eab\u6253\u5370\u673a\u3001\u4e92\u76f8\u4f20\u8f93\u8d44\u6599\u6587\u4ef6\u7b49\u3002\n\nSamba\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u901a\u8fc7AD DC LDAP Server\u5f3a\u5236\u8bfb\u53d6\u65e0\u6548\u5730\u5740\uff0c\u4ee5\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\uff0c\u6216\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.samba.org/samba/security/CVE-2021-20277.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-28711",
  "openTime": "2021-04-15",
  "patchDescription": "Samba\u662fSamba\u56e2\u961f\u7684\u4e00\u5957\u53ef\u4f7fUNIX\u7cfb\u5217\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e0e\u5fae\u8f6fWindows\u64cd\u4f5c\u7cfb\u7edf\u7684SMB/CIFS\u7f51\u7edc\u534f\u8bae\u505a\u8fde\u7ed3\u7684\u81ea\u7531\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u5171\u4eab\u6253\u5370\u673a\u3001\u4e92\u76f8\u4f20\u8f93\u8d44\u6599\u6587\u4ef6\u7b49\u3002\r\n\r\nSamba\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u901a\u8fc7AD DC LDAP Server\u5f3a\u5236\u8bfb\u53d6\u65e0\u6548\u5730\u5740\uff0c\u4ee5\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\uff0c\u6216\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Samba\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2021-28711\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Samba Samba null"
  },
  "referenceLink": "https://vigilance.fr/vulnerability/Samba-out-of-bounds-memory-reading-via-AD-DC-LDAP-Server-34931",
  "serverity": "\u9ad8",
  "submitTime": "2021-03-26",
  "title": "Samba\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2021-28711\uff09"
}

FKIE_CVE-2021-20277

Vulnerability from fkie_nvd - Published: 2021-05-12 14:15 - Updated: 2024-11-21 05:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1941402	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html	Mailing List, Third Party Advisory
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/
secalert@redhat.com	https://security.gentoo.org/glsa/202105-22	Third Party Advisory
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20210326-0007/	Third Party Advisory
secalert@redhat.com	https://www.debian.org/security/2021/dsa-4884	Third Party Advisory
secalert@redhat.com	https://www.samba.org/samba/security/CVE-2021-20277.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1941402	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202105-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20210326-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-4884	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.samba.org/samba/security/CVE-2021-20277.html	Vendor Advisory

Impacted products

Vendor	Product	Version
samba	samba	*
samba	samba	*
samba	samba	*
debian	debian_linux	9.0
debian	debian_linux	10.0
fedoraproject	fedora	32
fedoraproject	fedora	33
fedoraproject	fedora	34

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2EE6834-8738-446C-BD67-B1D69AD8DFAE",
              "versionEndExcluding": "4.12.13",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54588EC1-AE17-47FD-AFB7-70AB43A49515",
              "versionEndExcluding": "4.13.6",
              "versionStartIncluding": "4.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B8145B4-A320-40A3-A24B-3DE0A0170639",
              "versionEndExcluding": "4.14.1",
              "versionStartIncluding": "4.14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in Samba\u0027s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en libldb de Samba. M\u00faltiples espacios iniciales consecutivos en un atributo LDAP pueden conllevar a una escritura de memoria fuera de los l\u00edmites, conllevando a un bloqueo del proceso del servidor LDAP que maneja la petici\u00f3n. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"
    }
  ],
  "id": "CVE-2021-20277",
  "lastModified": "2024-11-21T05:46:16.007",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-12T14:15:11.140",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202105-22"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210326-0007/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4884"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.samba.org/samba/security/CVE-2021-20277.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202105-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210326-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.samba.org/samba/security/CVE-2021-20277.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-96FM-7X9F-HMMW

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-08-06 00:00

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-20277"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-12T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in Samba\u0027s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.",
  "id": "GHSA-96fm-7x9f-hmmw",
  "modified": "2022-08-06T00:00:47Z",
  "published": "2022-05-24T19:02:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20277"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202105-22"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210326-0007"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4884"
    },
    {
      "type": "WEB",
      "url": "https://www.samba.org/samba/security/CVE-2021-20277.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2021-20277

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-20277

Aliases

CVE-2021-20277

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-20277",
    "description": "A flaw was found in Samba\u0027s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.",
    "id": "GSD-2021-20277",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-20277.html",
      "https://www.debian.org/security/2021/dsa-4884",
      "https://access.redhat.com/errata/RHSA-2021:2786",
      "https://access.redhat.com/errata/RHSA-2021:2331",
      "https://access.redhat.com/errata/RHSA-2021:1214",
      "https://access.redhat.com/errata/RHSA-2021:1213",
      "https://access.redhat.com/errata/RHSA-2021:1197",
      "https://access.redhat.com/errata/RHSA-2021:1072",
      "https://ubuntu.com/security/CVE-2021-20277",
      "https://advisories.mageia.org/CVE-2021-20277.html",
      "https://security.archlinux.org/CVE-2021-20277",
      "https://alas.aws.amazon.com/cve/html/CVE-2021-20277.html",
      "https://linux.oracle.com/cve/CVE-2021-20277.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-20277"
      ],
      "details": "A flaw was found in Samba\u0027s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.",
      "id": "GSD-2021-20277",
      "modified": "2023-12-13T01:23:11.876353Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2021-20277",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "samba",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "samba 4.14.1, samba 4.13.6, samba 4.12.13"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A flaw was found in Samba\u0027s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-125"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.netapp.com/advisory/ntap-20210326-0007/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20210326-0007/"
          },
          {
            "name": "FEDORA-2021-c2d8628d33",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/"
          },
          {
            "name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2611-1] ldb security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html"
          },
          {
            "name": "DSA-4884",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2021/dsa-4884"
          },
          {
            "name": "FEDORA-2021-1a8e93a285",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/"
          },
          {
            "name": "FEDORA-2021-c93a3a5d3f",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402"
          },
          {
            "name": "https://www.samba.org/samba/security/CVE-2021-20277.html",
            "refsource": "MISC",
            "url": "https://www.samba.org/samba/security/CVE-2021-20277.html"
          },
          {
            "name": "GLSA-202105-22",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202105-22"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.14.1",
                "versionStartIncluding": "4.14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.13.6",
                "versionStartIncluding": "4.13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.12.13",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-20277"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A flaw was found in Samba\u0027s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2611-1] ldb security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402"
            },
            {
              "name": "https://www.samba.org/samba/security/CVE-2021-20277.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.samba.org/samba/security/CVE-2021-20277.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210326-0007/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210326-0007/"
            },
            {
              "name": "FEDORA-2021-1a8e93a285",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/"
            },
            {
              "name": "FEDORA-2021-c93a3a5d3f",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/"
            },
            {
              "name": "DSA-4884",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4884"
            },
            {
              "name": "FEDORA-2021-c2d8628d33",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/"
            },
            {
              "name": "GLSA-202105-22",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202105-22"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-08-05T16:01Z",
      "publishedDate": "2021-05-12T14:15Z"
    }
  }
}

MSRC_CVE-2021-20277

Vulnerability from csaf_microsoft - Published: 2021-05-02 00:00 - Updated: 2025-05-27 00:00

Summary

A flaw was found in Samba's libldb. Multiple consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2021-20277

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 18826-17084		—
Unresolved product id: 16864-17084		—

Known affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 17084-1		—	Vendor Fix fix
Unresolved product id: 17084-2		—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2021/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2021/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2021-20277 A flaw was found in Samba\u0027s libldb. Multiple consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-20277.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "A flaw was found in Samba\u0027s libldb. Multiple consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.",
    "tracking": {
      "current_release_date": "2025-05-27T00:00:00.000Z",
      "generator": {
        "date": "2025-10-19T21:59:28.364Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2021-20277",
      "initial_release_date": "2021-05-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-10-15T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2024-10-16T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-17T00:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-18T00:00:00.000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-19T00:00:00.000Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-20T00:00:00.000Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-21T00:00:00.000Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-22T00:00:00.000Z",
          "legacy_version": "1.7",
          "number": "8",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-23T00:00:00.000Z",
          "legacy_version": "1.8",
          "number": "9",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-24T00:00:00.000Z",
          "legacy_version": "1.9",
          "number": "10",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-25T00:00:00.000Z",
          "legacy_version": "2",
          "number": "11",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-26T00:00:00.000Z",
          "legacy_version": "2.1",
          "number": "12",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-27T00:00:00.000Z",
          "legacy_version": "2.2",
          "number": "13",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-28T00:00:00.000Z",
          "legacy_version": "2.3",
          "number": "14",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-29T00:00:00.000Z",
          "legacy_version": "2.4",
          "number": "15",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-30T00:00:00.000Z",
          "legacy_version": "2.5",
          "number": "16",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-10-31T00:00:00.000Z",
          "legacy_version": "2.6",
          "number": "17",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-01T00:00:00.000Z",
          "legacy_version": "2.7",
          "number": "18",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-02T00:00:00.000Z",
          "legacy_version": "2.8",
          "number": "19",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-04T00:00:00.000Z",
          "legacy_version": "2.9",
          "number": "20",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-05T00:00:00.000Z",
          "legacy_version": "3",
          "number": "21",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-06T00:00:00.000Z",
          "legacy_version": "3.1",
          "number": "22",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-07T00:00:00.000Z",
          "legacy_version": "3.2",
          "number": "23",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-08T00:00:00.000Z",
          "legacy_version": "3.3",
          "number": "24",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-09T00:00:00.000Z",
          "legacy_version": "3.4",
          "number": "25",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-10T00:00:00.000Z",
          "legacy_version": "3.5",
          "number": "26",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-11T00:00:00.000Z",
          "legacy_version": "3.6",
          "number": "27",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-12T00:00:00.000Z",
          "legacy_version": "3.7",
          "number": "28",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-13T00:00:00.000Z",
          "legacy_version": "3.8",
          "number": "29",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-14T00:00:00.000Z",
          "legacy_version": "3.9",
          "number": "30",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-15T00:00:00.000Z",
          "legacy_version": "4",
          "number": "31",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-16T00:00:00.000Z",
          "legacy_version": "4.1",
          "number": "32",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-17T00:00:00.000Z",
          "legacy_version": "4.2",
          "number": "33",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-18T00:00:00.000Z",
          "legacy_version": "4.3",
          "number": "34",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-19T00:00:00.000Z",
          "legacy_version": "4.4",
          "number": "35",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-20T00:00:00.000Z",
          "legacy_version": "4.5",
          "number": "36",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-21T00:00:00.000Z",
          "legacy_version": "4.6",
          "number": "37",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-23T00:00:00.000Z",
          "legacy_version": "4.7",
          "number": "38",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-24T00:00:00.000Z",
          "legacy_version": "4.8",
          "number": "39",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-25T00:00:00.000Z",
          "legacy_version": "4.9",
          "number": "40",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-26T00:00:00.000Z",
          "legacy_version": "5",
          "number": "41",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-27T00:00:00.000Z",
          "legacy_version": "5.1",
          "number": "42",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-28T00:00:00.000Z",
          "legacy_version": "5.2",
          "number": "43",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-29T00:00:00.000Z",
          "legacy_version": "5.3",
          "number": "44",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-11-30T00:00:00.000Z",
          "legacy_version": "5.4",
          "number": "45",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-01T00:00:00.000Z",
          "legacy_version": "5.5",
          "number": "46",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-02T00:00:00.000Z",
          "legacy_version": "5.6",
          "number": "47",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-03T00:00:00.000Z",
          "legacy_version": "5.7",
          "number": "48",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-04T00:00:00.000Z",
          "legacy_version": "5.8",
          "number": "49",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-05T00:00:00.000Z",
          "legacy_version": "5.9",
          "number": "50",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-07T00:00:00.000Z",
          "legacy_version": "6",
          "number": "51",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-08T00:00:00.000Z",
          "legacy_version": "6.1",
          "number": "52",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-09T00:00:00.000Z",
          "legacy_version": "6.2",
          "number": "53",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-10T00:00:00.000Z",
          "legacy_version": "6.3",
          "number": "54",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-11T00:00:00.000Z",
          "legacy_version": "6.4",
          "number": "55",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-12T00:00:00.000Z",
          "legacy_version": "6.5",
          "number": "56",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-13T00:00:00.000Z",
          "legacy_version": "6.6",
          "number": "57",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-14T00:00:00.000Z",
          "legacy_version": "6.7",
          "number": "58",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-15T00:00:00.000Z",
          "legacy_version": "6.8",
          "number": "59",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-16T00:00:00.000Z",
          "legacy_version": "6.9",
          "number": "60",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-17T00:00:00.000Z",
          "legacy_version": "7",
          "number": "61",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-18T00:00:00.000Z",
          "legacy_version": "7.1",
          "number": "62",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-19T00:00:00.000Z",
          "legacy_version": "7.2",
          "number": "63",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-20T00:00:00.000Z",
          "legacy_version": "7.3",
          "number": "64",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-21T00:00:00.000Z",
          "legacy_version": "7.4",
          "number": "65",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-22T00:00:00.000Z",
          "legacy_version": "7.5",
          "number": "66",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-23T00:00:00.000Z",
          "legacy_version": "7.6",
          "number": "67",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-24T00:00:00.000Z",
          "legacy_version": "7.7",
          "number": "68",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-25T00:00:00.000Z",
          "legacy_version": "7.8",
          "number": "69",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-26T00:00:00.000Z",
          "legacy_version": "7.9",
          "number": "70",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-27T00:00:00.000Z",
          "legacy_version": "8",
          "number": "71",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-28T00:00:00.000Z",
          "legacy_version": "8.1",
          "number": "72",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-29T00:00:00.000Z",
          "legacy_version": "8.2",
          "number": "73",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-30T00:00:00.000Z",
          "legacy_version": "8.3",
          "number": "74",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2024-12-31T00:00:00.000Z",
          "legacy_version": "8.4",
          "number": "75",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-01T00:00:00.000Z",
          "legacy_version": "8.5",
          "number": "76",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-02T00:00:00.000Z",
          "legacy_version": "8.6",
          "number": "77",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-03T00:00:00.000Z",
          "legacy_version": "8.7",
          "number": "78",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-04T00:00:00.000Z",
          "legacy_version": "8.8",
          "number": "79",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-05T00:00:00.000Z",
          "legacy_version": "8.9",
          "number": "80",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-06T00:00:00.000Z",
          "legacy_version": "9",
          "number": "81",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-07T00:00:00.000Z",
          "legacy_version": "9.1",
          "number": "82",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-08T00:00:00.000Z",
          "legacy_version": "9.2",
          "number": "83",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-09T00:00:00.000Z",
          "legacy_version": "9.3",
          "number": "84",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-10T00:00:00.000Z",
          "legacy_version": "9.4",
          "number": "85",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-11T00:00:00.000Z",
          "legacy_version": "9.5",
          "number": "86",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-12T00:00:00.000Z",
          "legacy_version": "9.6",
          "number": "87",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-13T00:00:00.000Z",
          "legacy_version": "9.7",
          "number": "88",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-15T00:00:00.000Z",
          "legacy_version": "9.8",
          "number": "89",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-16T00:00:00.000Z",
          "legacy_version": "9.9",
          "number": "90",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-17T00:00:00.000Z",
          "legacy_version": "1",
          "number": "91",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-18T00:00:00.000Z",
          "legacy_version": "10.1",
          "number": "92",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-19T00:00:00.000Z",
          "legacy_version": "10.2",
          "number": "93",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-20T00:00:00.000Z",
          "legacy_version": "10.3",
          "number": "94",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-21T00:00:00.000Z",
          "legacy_version": "10.4",
          "number": "95",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-22T00:00:00.000Z",
          "legacy_version": "10.5",
          "number": "96",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-23T00:00:00.000Z",
          "legacy_version": "10.6",
          "number": "97",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-24T00:00:00.000Z",
          "legacy_version": "10.7",
          "number": "98",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-25T00:00:00.000Z",
          "legacy_version": "10.8",
          "number": "99",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-27T00:00:00.000Z",
          "legacy_version": "10.9",
          "number": "100",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-28T00:00:00.000Z",
          "legacy_version": "11",
          "number": "101",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-29T00:00:00.000Z",
          "legacy_version": "11.1",
          "number": "102",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-01-30T00:00:00.000Z",
          "legacy_version": "11.2",
          "number": "103",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-01T00:00:00.000Z",
          "legacy_version": "11.3",
          "number": "104",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-02T00:00:00.000Z",
          "legacy_version": "11.4",
          "number": "105",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-03T00:00:00.000Z",
          "legacy_version": "11.5",
          "number": "106",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-04T00:00:00.000Z",
          "legacy_version": "11.6",
          "number": "107",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-05T00:00:00.000Z",
          "legacy_version": "11.7",
          "number": "108",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-07T00:00:00.000Z",
          "legacy_version": "11.8",
          "number": "109",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-08T00:00:00.000Z",
          "legacy_version": "11.9",
          "number": "110",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-09T00:00:00.000Z",
          "legacy_version": "12",
          "number": "111",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-10T00:00:00.000Z",
          "legacy_version": "12.1",
          "number": "112",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-11T00:00:00.000Z",
          "legacy_version": "12.2",
          "number": "113",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-12T00:00:00.000Z",
          "legacy_version": "12.3",
          "number": "114",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-13T00:00:00.000Z",
          "legacy_version": "12.4",
          "number": "115",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-14T00:00:00.000Z",
          "legacy_version": "12.5",
          "number": "116",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-15T00:00:00.000Z",
          "legacy_version": "12.6",
          "number": "117",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-16T00:00:00.000Z",
          "legacy_version": "12.7",
          "number": "118",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-17T00:00:00.000Z",
          "legacy_version": "12.8",
          "number": "119",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-18T00:00:00.000Z",
          "legacy_version": "12.9",
          "number": "120",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-19T00:00:00.000Z",
          "legacy_version": "13",
          "number": "121",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-20T00:00:00.000Z",
          "legacy_version": "13.1",
          "number": "122",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-21T00:00:00.000Z",
          "legacy_version": "13.2",
          "number": "123",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-22T00:00:00.000Z",
          "legacy_version": "13.3",
          "number": "124",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-23T00:00:00.000Z",
          "legacy_version": "13.4",
          "number": "125",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-24T00:00:00.000Z",
          "legacy_version": "13.5",
          "number": "126",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-25T00:00:00.000Z",
          "legacy_version": "13.6",
          "number": "127",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-26T00:00:00.000Z",
          "legacy_version": "13.7",
          "number": "128",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-27T00:00:00.000Z",
          "legacy_version": "13.8",
          "number": "129",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-02-28T00:00:00.000Z",
          "legacy_version": "13.9",
          "number": "130",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-01T00:00:00.000Z",
          "legacy_version": "14",
          "number": "131",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-02T00:00:00.000Z",
          "legacy_version": "14.1",
          "number": "132",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-03T00:00:00.000Z",
          "legacy_version": "14.2",
          "number": "133",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-04T00:00:00.000Z",
          "legacy_version": "14.3",
          "number": "134",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-05T00:00:00.000Z",
          "legacy_version": "14.4",
          "number": "135",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-06T00:00:00.000Z",
          "legacy_version": "14.5",
          "number": "136",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-08T00:00:00.000Z",
          "legacy_version": "14.6",
          "number": "137",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-09T00:00:00.000Z",
          "legacy_version": "14.7",
          "number": "138",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-10T00:00:00.000Z",
          "legacy_version": "14.8",
          "number": "139",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-11T00:00:00.000Z",
          "legacy_version": "14.9",
          "number": "140",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-12T00:00:00.000Z",
          "legacy_version": "15",
          "number": "141",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-14T00:00:00.000Z",
          "legacy_version": "15.1",
          "number": "142",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-15T00:00:00.000Z",
          "legacy_version": "15.2",
          "number": "143",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-16T00:00:00.000Z",
          "legacy_version": "15.3",
          "number": "144",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-17T00:00:00.000Z",
          "legacy_version": "15.4",
          "number": "145",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-18T00:00:00.000Z",
          "legacy_version": "15.5",
          "number": "146",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-19T00:00:00.000Z",
          "legacy_version": "15.6",
          "number": "147",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-20T00:00:00.000Z",
          "legacy_version": "15.7",
          "number": "148",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-21T00:00:00.000Z",
          "legacy_version": "15.8",
          "number": "149",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-22T00:00:00.000Z",
          "legacy_version": "15.9",
          "number": "150",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-23T00:00:00.000Z",
          "legacy_version": "16",
          "number": "151",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-24T00:00:00.000Z",
          "legacy_version": "16.1",
          "number": "152",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-25T00:00:00.000Z",
          "legacy_version": "16.2",
          "number": "153",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-26T00:00:00.000Z",
          "legacy_version": "16.3",
          "number": "154",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-27T00:00:00.000Z",
          "legacy_version": "16.4",
          "number": "155",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-28T00:00:00.000Z",
          "legacy_version": "16.5",
          "number": "156",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-29T00:00:00.000Z",
          "legacy_version": "16.6",
          "number": "157",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-30T00:00:00.000Z",
          "legacy_version": "16.7",
          "number": "158",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-03-31T00:00:00.000Z",
          "legacy_version": "16.8",
          "number": "159",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-01T00:00:00.000Z",
          "legacy_version": "16.9",
          "number": "160",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-03T00:00:00.000Z",
          "legacy_version": "17",
          "number": "161",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-04T00:00:00.000Z",
          "legacy_version": "17.1",
          "number": "162",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-05T00:00:00.000Z",
          "legacy_version": "17.2",
          "number": "163",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-06T00:00:00.000Z",
          "legacy_version": "17.3",
          "number": "164",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-07T00:00:00.000Z",
          "legacy_version": "17.4",
          "number": "165",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-08T00:00:00.000Z",
          "legacy_version": "17.5",
          "number": "166",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-09T00:00:00.000Z",
          "legacy_version": "17.6",
          "number": "167",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-11T00:00:00.000Z",
          "legacy_version": "17.7",
          "number": "168",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-12T00:00:00.000Z",
          "legacy_version": "17.8",
          "number": "169",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-13T00:00:00.000Z",
          "legacy_version": "17.9",
          "number": "170",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-14T00:00:00.000Z",
          "legacy_version": "18",
          "number": "171",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-15T00:00:00.000Z",
          "legacy_version": "18.1",
          "number": "172",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-16T00:00:00.000Z",
          "legacy_version": "18.2",
          "number": "173",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-17T00:00:00.000Z",
          "legacy_version": "18.3",
          "number": "174",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-18T00:00:00.000Z",
          "legacy_version": "18.4",
          "number": "175",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-19T00:00:00.000Z",
          "legacy_version": "18.5",
          "number": "176",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-20T00:00:00.000Z",
          "legacy_version": "18.6",
          "number": "177",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-21T00:00:00.000Z",
          "legacy_version": "18.7",
          "number": "178",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-22T00:00:00.000Z",
          "legacy_version": "18.8",
          "number": "179",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-23T00:00:00.000Z",
          "legacy_version": "18.9",
          "number": "180",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-24T00:00:00.000Z",
          "legacy_version": "19",
          "number": "181",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-25T00:00:00.000Z",
          "legacy_version": "19.1",
          "number": "182",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-26T00:00:00.000Z",
          "legacy_version": "19.2",
          "number": "183",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-28T00:00:00.000Z",
          "legacy_version": "19.3",
          "number": "184",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-29T00:00:00.000Z",
          "legacy_version": "19.4",
          "number": "185",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-04-30T00:00:00.000Z",
          "legacy_version": "19.5",
          "number": "186",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-01T00:00:00.000Z",
          "legacy_version": "19.6",
          "number": "187",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-02T00:00:00.000Z",
          "legacy_version": "19.7",
          "number": "188",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-03T00:00:00.000Z",
          "legacy_version": "19.8",
          "number": "189",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-04T00:00:00.000Z",
          "legacy_version": "19.9",
          "number": "190",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-05T00:00:00.000Z",
          "legacy_version": "2",
          "number": "191",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-06T00:00:00.000Z",
          "legacy_version": "20.1",
          "number": "192",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-07T00:00:00.000Z",
          "legacy_version": "20.2",
          "number": "193",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-08T00:00:00.000Z",
          "legacy_version": "20.3",
          "number": "194",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-09T00:00:00.000Z",
          "legacy_version": "20.4",
          "number": "195",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-10T00:00:00.000Z",
          "legacy_version": "20.5",
          "number": "196",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-11T00:00:00.000Z",
          "legacy_version": "20.6",
          "number": "197",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-12T00:00:00.000Z",
          "legacy_version": "20.7",
          "number": "198",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-13T00:00:00.000Z",
          "legacy_version": "20.8",
          "number": "199",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-14T00:00:00.000Z",
          "legacy_version": "20.9",
          "number": "200",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-15T00:00:00.000Z",
          "legacy_version": "21",
          "number": "201",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-16T00:00:00.000Z",
          "legacy_version": "21.1",
          "number": "202",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-17T00:00:00.000Z",
          "legacy_version": "21.2",
          "number": "203",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-18T00:00:00.000Z",
          "legacy_version": "21.3",
          "number": "204",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-19T00:00:00.000Z",
          "legacy_version": "21.4",
          "number": "205",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-20T00:00:00.000Z",
          "legacy_version": "21.5",
          "number": "206",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-21T00:00:00.000Z",
          "legacy_version": "21.6",
          "number": "207",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-22T00:00:00.000Z",
          "legacy_version": "21.7",
          "number": "208",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-23T00:00:00.000Z",
          "legacy_version": "21.8",
          "number": "209",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-24T00:00:00.000Z",
          "legacy_version": "21.9",
          "number": "210",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-25T00:00:00.000Z",
          "legacy_version": "22",
          "number": "211",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-26T00:00:00.000Z",
          "legacy_version": "22.1",
          "number": "212",
          "summary": "Added samba to Azure Linux 3.0"
        },
        {
          "date": "2025-05-27T00:00:00.000Z",
          "legacy_version": "22.2",
          "number": "213",
          "summary": "Added samba to Azure Linux 3.0"
        }
      ],
      "status": "final",
      "version": "213"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 libldb 2.7.2-1",
                "product": {
                  "name": "\u003cazl3 libldb 2.7.2-1",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 libldb 2.7.2-1",
                "product": {
                  "name": "azl3 libldb 2.7.2-1",
                  "product_id": "18826"
                }
              }
            ],
            "category": "product_name",
            "name": "libldb"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 samba 4.18.3-1",
                "product": {
                  "name": "\u003cazl3 samba 4.18.3-1",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 samba 4.18.3-1",
                "product": {
                  "name": "azl3 samba 4.18.3-1",
                  "product_id": "16864"
                }
              }
            ],
            "category": "product_name",
            "name": "samba"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 libldb 2.7.2-1 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 libldb 2.7.2-1 as a component of Azure Linux 3.0",
          "product_id": "18826-17084"
        },
        "product_reference": "18826",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 samba 4.18.3-1 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 samba 4.18.3-1 as a component of Azure Linux 3.0",
          "product_id": "16864-17084"
        },
        "product_reference": "16864",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-20277",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "general",
          "text": "redhat",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "18826-17084",
          "16864-17084"
        ],
        "known_affected": [
          "17084-1",
          "17084-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-20277 A flaw was found in Samba\u0027s libldb. Multiple consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-20277.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-15T00:00:00.000Z",
          "details": "2.7.2-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-10-15T00:00:00.000Z",
          "details": "4.18.3-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "17084-1",
            "17084-2"
          ]
        }
      ],
      "title": "A flaw was found in Samba\u0027s libldb. Multiple consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability."
    }
  ]
}

OPENSUSE-SU-2021:0469-1

Vulnerability from csaf_opensuse - Published: 2021-03-25 08:10 - Updated: 2021-03-25 08:10

Summary

Security update for ldb

Severity

Important

Notes

Title of the patch: Security update for ldb

Description of the patch: This update for ldb fixes the following issues: - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patchnames: openSUSE-2021-469

CVE-2020-27840

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libldb2-32bit-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-20277

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libldb2-32bit-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64	—	Vendor Fix

Threats

Impact important

References

12 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1183572	self
https://bugzilla.suse.com/1183574	self
https://www.suse.com/security/cve/CVE-2020-27840/	self
https://www.suse.com/security/cve/CVE-2021-20277/	self
https://www.suse.com/security/cve/CVE-2020-27840	external
https://bugzilla.suse.com/1183572	external
https://www.suse.com/security/cve/CVE-2021-20277	external
https://bugzilla.suse.com/1183574	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ldb",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ldb fixes the following issues:\n\n- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).\n- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2021-469",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0469-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:0469-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QLNA72I7E6KKMIQOHXHYRPDYGMW5KH4K/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:0469-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QLNA72I7E6KKMIQOHXHYRPDYGMW5KH4K/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183572",
        "url": "https://bugzilla.suse.com/1183572"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183574",
        "url": "https://bugzilla.suse.com/1183574"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-27840 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-27840/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-20277 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-20277/"
      }
    ],
    "title": "Security update for ldb",
    "tracking": {
      "current_release_date": "2021-03-25T08:10:39Z",
      "generator": {
        "date": "2021-03-25T08:10:39Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:0469-1",
      "initial_release_date": "2021-03-25T08:10:39Z",
      "revision_history": [
        {
          "date": "2021-03-25T08:10:39Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ldb-tools-2.0.12-lp152.2.9.1.i586",
                "product": {
                  "name": "ldb-tools-2.0.12-lp152.2.9.1.i586",
                  "product_id": "ldb-tools-2.0.12-lp152.2.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libldb-devel-2.0.12-lp152.2.9.1.i586",
                "product": {
                  "name": "libldb-devel-2.0.12-lp152.2.9.1.i586",
                  "product_id": "libldb-devel-2.0.12-lp152.2.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libldb2-2.0.12-lp152.2.9.1.i586",
                "product": {
                  "name": "libldb2-2.0.12-lp152.2.9.1.i586",
                  "product_id": "libldb2-2.0.12-lp152.2.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python3-ldb-2.0.12-lp152.2.9.1.i586",
                "product": {
                  "name": "python3-ldb-2.0.12-lp152.2.9.1.i586",
                  "product_id": "python3-ldb-2.0.12-lp152.2.9.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python3-ldb-devel-2.0.12-lp152.2.9.1.i586",
                "product": {
                  "name": "python3-ldb-devel-2.0.12-lp152.2.9.1.i586",
                  "product_id": "python3-ldb-devel-2.0.12-lp152.2.9.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ldb-tools-2.0.12-lp152.2.9.1.x86_64",
                "product": {
                  "name": "ldb-tools-2.0.12-lp152.2.9.1.x86_64",
                  "product_id": "ldb-tools-2.0.12-lp152.2.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libldb-devel-2.0.12-lp152.2.9.1.x86_64",
                "product": {
                  "name": "libldb-devel-2.0.12-lp152.2.9.1.x86_64",
                  "product_id": "libldb-devel-2.0.12-lp152.2.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libldb2-2.0.12-lp152.2.9.1.x86_64",
                "product": {
                  "name": "libldb2-2.0.12-lp152.2.9.1.x86_64",
                  "product_id": "libldb2-2.0.12-lp152.2.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libldb2-32bit-2.0.12-lp152.2.9.1.x86_64",
                "product": {
                  "name": "libldb2-32bit-2.0.12-lp152.2.9.1.x86_64",
                  "product_id": "libldb2-32bit-2.0.12-lp152.2.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-ldb-2.0.12-lp152.2.9.1.x86_64",
                "product": {
                  "name": "python3-ldb-2.0.12-lp152.2.9.1.x86_64",
                  "product_id": "python3-ldb-2.0.12-lp152.2.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64",
                "product": {
                  "name": "python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64",
                  "product_id": "python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64",
                "product": {
                  "name": "python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64",
                  "product_id": "python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ldb-tools-2.0.12-lp152.2.9.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.i586"
        },
        "product_reference": "ldb-tools-2.0.12-lp152.2.9.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ldb-tools-2.0.12-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.x86_64"
        },
        "product_reference": "ldb-tools-2.0.12-lp152.2.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libldb-devel-2.0.12-lp152.2.9.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.i586"
        },
        "product_reference": "libldb-devel-2.0.12-lp152.2.9.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libldb-devel-2.0.12-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.x86_64"
        },
        "product_reference": "libldb-devel-2.0.12-lp152.2.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libldb2-2.0.12-lp152.2.9.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.i586"
        },
        "product_reference": "libldb2-2.0.12-lp152.2.9.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libldb2-2.0.12-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.x86_64"
        },
        "product_reference": "libldb2-2.0.12-lp152.2.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libldb2-32bit-2.0.12-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libldb2-32bit-2.0.12-lp152.2.9.1.x86_64"
        },
        "product_reference": "libldb2-32bit-2.0.12-lp152.2.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ldb-2.0.12-lp152.2.9.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.i586"
        },
        "product_reference": "python3-ldb-2.0.12-lp152.2.9.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ldb-2.0.12-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.x86_64"
        },
        "product_reference": "python3-ldb-2.0.12-lp152.2.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64"
        },
        "product_reference": "python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ldb-devel-2.0.12-lp152.2.9.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.i586"
        },
        "product_reference": "python3-ldb-devel-2.0.12-lp152.2.9.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64"
        },
        "product_reference": "python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-27840",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-27840"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.i586",
          "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.x86_64",
          "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.i586",
          "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.x86_64",
          "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.i586",
          "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.x86_64",
          "openSUSE Leap 15.2:libldb2-32bit-2.0.12-lp152.2.9.1.x86_64",
          "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.i586",
          "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.x86_64",
          "openSUSE Leap 15.2:python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64",
          "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.i586",
          "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-27840",
          "url": "https://www.suse.com/security/cve/CVE-2020-27840"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183572 for CVE-2020-27840",
          "url": "https://bugzilla.suse.com/1183572"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:libldb2-32bit-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:libldb2-32bit-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-03-25T08:10:39Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-27840"
    },
    {
      "cve": "CVE-2021-20277",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-20277"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in Samba\u0027s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.i586",
          "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.x86_64",
          "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.i586",
          "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.x86_64",
          "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.i586",
          "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.x86_64",
          "openSUSE Leap 15.2:libldb2-32bit-2.0.12-lp152.2.9.1.x86_64",
          "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.i586",
          "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.x86_64",
          "openSUSE Leap 15.2:python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64",
          "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.i586",
          "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-20277",
          "url": "https://www.suse.com/security/cve/CVE-2021-20277"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183574 for CVE-2021-20277",
          "url": "https://bugzilla.suse.com/1183574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:libldb2-32bit-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:libldb2-32bit-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:python3-ldb-32bit-2.0.12-lp152.2.9.1.x86_64",
            "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.i586",
            "openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-03-25T08:10:39Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-20277"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-20277 (GCVE-0-2021-20277)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature