VulnerableCode Package Details - pkg:deb/debian/ldb@2:2.2.3-2~deb11u2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-16td-s1zq-jugr	A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.	CVE-2021-20277
VCID-as1n-ft13-h3bx	A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.	CVE-2020-10730
VCID-hc4j-ezm9-tqe9	A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.	CVE-2020-27840
VCID-hm94-u9pa-kuhg	MaxQueryDuration not honoured in Samba AD DC LDAP	CVE-2021-3670

Vulnerability

Summary

Aliases

VCID-16td-s1zq-jugr

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

CVE-2021-20277

VCID-as1n-ft13-h3bx

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.

CVE-2020-10730

VCID-hc4j-ezm9-tqe9

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.

CVE-2020-27840

VCID-hm94-u9pa-kuhg

MaxQueryDuration not honoured in Samba AD DC LDAP

CVE-2021-3670

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T15:43:19.447259+00:00	Debian Oval Importer	Fixing	VCID-hm94-u9pa-kuhg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:29:29.306034+00:00	Debian Oval Importer	Fixing	VCID-16td-s1zq-jugr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:44:37.916431+00:00	Debian Oval Importer	Fixing	VCID-hc4j-ezm9-tqe9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:41:33.815358+00:00	Debian Oval Importer	Fixing	VCID-as1n-ft13-h3bx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0