Search for vulnerabilities
Vulnerability details: VCID-p1ut-8qg5-pkd2
Vulnerability ID VCID-p1ut-8qg5-pkd2
Aliases CVE-2020-14323
Summary A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-170 Improper Null Termination
CWE-476 NULL Pointer Dereference
System Score Found at
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html
cvssv3 5.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14323.json
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2020-14323
cvssv3.1 5.5 https://bugzilla.redhat.com/show_bug.cgi?id=1891685
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=1891685
cvssv3.1 5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.5 https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
ssvc Track https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
cvssv3.1 5.5 https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
cvssv3.1 5.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP/
cvssv3.1 5.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB/
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2020-14323
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14323
cvssv3.1 5.5 https://security.gentoo.org/glsa/202012-24
ssvc Track https://security.gentoo.org/glsa/202012-24
cvssv3.1 5.5 https://security.netapp.com/advisory/ntap-20201103-0001/
ssvc Track https://security.netapp.com/advisory/ntap-20201103-0001/
cvssv3.1 5.5 https://www.samba.org/samba/security/CVE-2020-14323.html
ssvc Track https://www.samba.org/samba/security/CVE-2020-14323.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14323.json
https://api.first.org/data/v1/epss?cve=CVE-2020-14323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14323
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
202012-24 https://security.gentoo.org/glsa/202012-24
973399 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973399
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
CVE-2020-14323 https://nvd.nist.gov/vuln/detail/CVE-2020-14323
CVE-2020-14323.html https://www.samba.org/samba/security/CVE-2020-14323.html
JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP/
msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html
msg00012.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html
msg00015.html https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
msg00041.html https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
ntap-20201103-0001 https://security.netapp.com/advisory/ntap-20201103-0001/
RHSA-2020:5439 https://access.redhat.com/errata/RHSA-2020:5439
RHSA-2021:1647 https://access.redhat.com/errata/RHSA-2021:1647
RHSA-2021:3723 https://access.redhat.com/errata/RHSA-2021:3723
show_bug.cgi?id=1891685 https://bugzilla.redhat.com/show_bug.cgi?id=1891685
USN-4611-1 https://usn.ubuntu.com/4611-1/
USN-4931-1 https://usn.ubuntu.com/4931-1/
W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14323.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1891685
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=1891685
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/ Found at https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/ Found at https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB/
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14323
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14323
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202012-24
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/ Found at https://security.gentoo.org/glsa/202012-24
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20201103-0001/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/ Found at https://security.netapp.com/advisory/ntap-20201103-0001/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://www.samba.org/samba/security/CVE-2020-14323.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/ Found at https://www.samba.org/samba/security/CVE-2020-14323.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.61191
EPSS Score 0.00421
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:30:40.353657+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.13/main.json 37.0.0