Description
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
Statement
The version of Samba shipped with Red Hat Gluster Storage (RHGS) 3 is built with a private copy of ldb (LDAP-like embedded database) library which includes the vulnerable code. However, Samba shipped with RHGS 3 is not supported for use as an Active Directory Domain Controller and hence the impact has been lowered.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libldb | Out of support scope | ||
| Red Hat Enterprise Linux 9 | libldb | Not affected | ||
| Red Hat Storage 3 | samba | Affected | ||
| Red Hat Enterprise Linux 7 | libldb | Fixed | RHSA-2021:1072 | 06.04.2021 |
| Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118) | libldb | Fixed | RHSA-2021:2786 | 20.07.2021 |
| Red Hat Enterprise Linux 7.6 Telco Extended Update Support | libldb | Fixed | RHSA-2021:2786 | 20.07.2021 |
| Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions | libldb | Fixed | RHSA-2021:2786 | 20.07.2021 |
| Red Hat Enterprise Linux 7.7 Extended Update Support | libldb | Fixed | RHSA-2021:2331 | 08.06.2021 |
| Red Hat Enterprise Linux 8 | libldb | Fixed | RHSA-2021:1197 | 14.04.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | libldb | Fixed | RHSA-2021:1214 | 15.04.2021 |
Additional information
CVSS3: 7.1 High