CVE-2020-27840
Ubuntu Security Notice USN-4888-2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
Se ha encontrado un fallo en samba. Los espacios usados en una cadena alrededor de un nombre de dominio (DN), aunque se supone que deben ser ignorados, pueden causar cadenas DN no válidas con espacios en lugar de escribir un byte cero en la memoria fuera de límites, resultando en un bloqueo. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema
USN-4888-1 fixed several vulnerabilities in ldb. This update provides the corresponding update for Ubuntu 14.04 ESM. Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain DN strings. A remote attacker could use this issue to cause the LDAP server to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-27 CVE Reserved
- 2021-03-25 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1941400 | Issue Tracking | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20210326-0007 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.0.0 < 4.12.13 Search vendor "Samba" for product "Samba" and version " >= 4.0.0 < 4.12.13" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.13.0 < 4.13.6 Search vendor "Samba" for product "Samba" and version " >= 4.13.0 < 4.13.6" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.14.0 < 4.14.1 Search vendor "Samba" for product "Samba" and version " >= 4.14.0 < 4.14.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||