VDB
CVE-2019-12436
CVE-2019-12436
REJECTED
Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.
EPSS 2.35% · 85.2th percentile
Risk Scores
EPSS Score
2.35%
85.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | samba | *, 2:4.3.11+dfsg-0ubuntu0.16.04.8, 2:4.3.11+dfsg-0ubuntu0.16.04.10 |
| Ubuntu:18.04:LTS | samba | 2:4.6.7+dfsg-1ubuntu3, 2:4.7.1+dfsg-1ubuntu1, 2:4.7.3+dfsg-1ubuntu1 |
Timeline
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Apr 23, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-12436 third-party-advisory
- https://www.samba.org/samba/security/CVE-2019-12436.html third-party-advisory
- https://ubuntu.com/security/notices/USN-4018-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-12436 third-party-advisory