CVE-2020-27840 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-27840 PUBLISHED

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.

EPSS 14.52% · 94.4th percentile

Risk Scores

EPSS Score

14.52%

94.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:14.04:LTS	ldb	0, 1:1.1.24-0ubuntu0.14.04.2, 1:1.1.24-0ubuntu0.14.04.1
Ubuntu:20.04:LTS	ldb	0, 2:1.5.5-0ubuntu2, 2:2.0.7-4
Ubuntu:16.04:LTS	ldb	0, ,
Ubuntu:18.04:LTS	ldb	2:1.1.29-2, 2:1.2.2-2, 2:1.2.3-1

Timeline

Mar 24, 2021 CVE Published
May 13, 2021 EPSS Score
Sep 14, 2021 EPSS Score
Nov 14, 2021 EPSS Score
Jan 15, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jul 18, 2022 EPSS Score
Sep 17, 2022 EPSS Score
Jan 17, 2023 EPSS Score
Mar 20, 2023 EPSS Score
May 20, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2020-27840 third-party-advisory
https://www.samba.org/samba/security/CVE-2020-27840.html third-party-advisory
https://ubuntu.com/security/notices/USN-4888-1 vendor-advisory
https://ubuntu.com/security/notices/USN-4888-2 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2020-27840 third-party-advisory

Open in Interactive Console →