VulnerableCode Package Details - pkg:deb/debian/ldb@2:1.1.27-1%2Bdeb9u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-16td-s1zq-jugr Aliases: CVE-2021-20277	A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.	2:1.5.1+really1.4.6-3+deb10u1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2:2.2.3-2~deb11u2 Affected by 0 other vulnerabilities.
VCID-as1n-ft13-h3bx Aliases: CVE-2020-10730	A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.	2:1.5.1+really1.4.6-3+deb10u1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2:2.2.3-2~deb11u2 Affected by 0 other vulnerabilities.
VCID-ezjm-vawb-y3bq Aliases: CVE-2019-3824	A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.	2:1.5.1+really1.4.6-3+deb10u1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hc4j-ezm9-tqe9 Aliases: CVE-2020-27840	A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.	2:1.5.1+really1.4.6-3+deb10u1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2:2.2.3-2~deb11u2 Affected by 0 other vulnerabilities.
VCID-hm94-u9pa-kuhg Aliases: CVE-2021-3670	MaxQueryDuration not honoured in Samba AD DC LDAP	2:2.2.3-2~deb11u2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-16td-s1zq-jugr
Aliases:
CVE-2021-20277

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

2:1.5.1+really1.4.6-3+deb10u1
Affected by 4 other vulnerabilities.

2:2.2.3-2~deb11u2
Affected by 0 other vulnerabilities.

VCID-as1n-ft13-h3bx
Aliases:
CVE-2020-10730

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.

2:1.5.1+really1.4.6-3+deb10u1
Affected by 4 other vulnerabilities.

2:2.2.3-2~deb11u2
Affected by 0 other vulnerabilities.

VCID-ezjm-vawb-y3bq
Aliases:
CVE-2019-3824

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.

2:1.5.1+really1.4.6-3+deb10u1
Affected by 4 other vulnerabilities.

VCID-hc4j-ezm9-tqe9
Aliases:
CVE-2020-27840

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.

2:1.5.1+really1.4.6-3+deb10u1
Affected by 4 other vulnerabilities.

2:2.2.3-2~deb11u2
Affected by 0 other vulnerabilities.

VCID-hm94-u9pa-kuhg
Aliases:
CVE-2021-3670

MaxQueryDuration not honoured in Samba AD DC LDAP

2:2.2.3-2~deb11u2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ezjm-vawb-y3bq	A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.	CVE-2019-3824
VCID-s58b-8v9w-63d1		CVE-2015-5330
VCID-sz21-gdhu-ebe7		CVE-2015-3223

Vulnerability

Summary

Aliases

VCID-ezjm-vawb-y3bq

CVE-2019-3824

VCID-s58b-8v9w-63d1

CVE-2015-5330

VCID-sz21-gdhu-ebe7

CVE-2015-3223

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:44:49.677987+00:00	Debian Oval Importer	Fixing	VCID-sz21-gdhu-ebe7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:29:03.592863+00:00	Debian Oval Importer	Fixing	VCID-s58b-8v9w-63d1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:24:34.954770+00:00	Debian Oval Importer	Affected by	VCID-ezjm-vawb-y3bq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:43:19.438338+00:00	Debian Oval Importer	Affected by	VCID-hm94-u9pa-kuhg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:29:29.296517+00:00	Debian Oval Importer	Affected by	VCID-16td-s1zq-jugr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:44:37.906683+00:00	Debian Oval Importer	Affected by	VCID-hc4j-ezm9-tqe9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:41:33.804314+00:00	Debian Oval Importer	Affected by	VCID-as1n-ft13-h3bx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:29:56.648602+00:00	Debian Oval Importer	Affected by	VCID-hc4j-ezm9-tqe9	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:26:40.625619+00:00	Debian Oval Importer	Affected by	VCID-16td-s1zq-jugr	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:22:48.064416+00:00	Debian Oval Importer	Affected by	VCID-as1n-ft13-h3bx	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T10:52:33.787525+00:00	Debian Oval Importer	Fixing	VCID-ezjm-vawb-y3bq	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0