VDB
CVE-2020-10704
CVE-2020-10704
PUBLISHED
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
EPSS 14.52% · 94.6th percentile
Risk Scores
EPSS Score
14.52%
94.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | samba | 2:4.10.7+dfsg-0ubuntu3, 2:4.11.1+dfsg-3ubuntu2, 2:4.11.1+dfsg-3ubuntu4 |
| Ubuntu:Pro:14.04:LTS | samba | 0, 2:3.6.18-1ubuntu3, 2:4.0.10+dfsg-4ubuntu2 |
| Ubuntu:18.04:LTS | samba | *, 2:4.7.1+dfsg-1ubuntu1, 2:4.7.3+dfsg-1ubuntu1 |
| Ubuntu:16.04:LTS | samba | *, *, * |
Timeline
- Apr 28, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 28, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Jan 28, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-10704 third-party-advisory
- https://www.samba.org/samba/security/CVE-2020-10704.html third-party-advisory
- https://ubuntu.com/security/notices/USN-4341-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4341-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-10704 third-party-advisory