Vulnerability Description
Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | >= 4.10.0, < 4.10.5 |
| Canonical | Ubuntu Linux | 19.04 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108823
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://usn.ubuntu.com/4018-1/Third Party Advisory
- https://www.samba.org/samba/security/CVE-2019-12436.htmlVendor Advisory
- https://www.synology.com/security/advisory/Synology_SA_19_27
- http://www.securityfocus.com/bid/108823
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://usn.ubuntu.com/4018-1/Third Party Advisory
- https://www.samba.org/samba/security/CVE-2019-12436.htmlVendor Advisory
- https://www.synology.com/security/advisory/Synology_SA_19_27
FAQ
What is CVE-2019-12436?
CVE-2019-12436 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have dire...
How severe is CVE-2019-12436?
CVE-2019-12436 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12436?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Canonical Ubuntu Linux.