VulnerableCode Package Details - pkg:deb/ubuntu/ldb@0.9.1~svn26291-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-1b1d-tj5f-aaaj Aliases: CVE-2021-20277	A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.	2:2.0.10-0ubuntu0.20.04.3 Affected by 0 other vulnerabilities.
VCID-9m3f-r1wf-aaas Aliases: CVE-2020-27840	A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.	2:2.0.10-0ubuntu0.20.04.3 Affected by 0 other vulnerabilities.
VCID-avrs-ycrw-aaan Aliases: CVE-2015-3223	The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.	1:1.1.16-1ubuntu0.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2:1.1.24-1ubuntu1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tk3b-md55-aaaq Aliases: CVE-2015-5330	ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.	1:1.1.16-1ubuntu0.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2:1.1.24-1ubuntu1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ymj2-f675-aaaj Aliases: CVE-2019-3824	A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.	1:1.1.24-0ubuntu0.14.04.2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2:1.2.3-1ubuntu0.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1b1d-tj5f-aaaj
Aliases:
CVE-2021-20277

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.

2:2.0.10-0ubuntu0.20.04.3
Affected by 0 other vulnerabilities.

VCID-9m3f-r1wf-aaas
Aliases:
CVE-2020-27840

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.

2:2.0.10-0ubuntu0.20.04.3
Affected by 0 other vulnerabilities.

VCID-avrs-ycrw-aaan
Aliases:
CVE-2015-3223

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

1:1.1.16-1ubuntu0.1
Affected by 3 other vulnerabilities.

2:1.1.24-1ubuntu1
Affected by 3 other vulnerabilities.

VCID-tk3b-md55-aaaq
Aliases:
CVE-2015-5330

ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.

1:1.1.16-1ubuntu0.1
Affected by 3 other vulnerabilities.

2:1.1.24-1ubuntu1
Affected by 3 other vulnerabilities.

VCID-ymj2-f675-aaaj
Aliases:
CVE-2019-3824

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.

1:1.1.24-0ubuntu0.14.04.2
Affected by 4 other vulnerabilities.

2:1.2.3-1ubuntu0.1
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Next non-vulnerable version	2:2.0.10-0ubuntu0.20.04.3
Latest non-vulnerable version	2:2.0.10-0ubuntu0.20.04.3
Risk	4.0