vulnerability

Samba CVE-2020-10704: CVE-2020-10700 and CVE-2020-10704. Please see announcements for details.

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

May 6, 2020

Added

Jun 3, 2020

Modified

Jun 3, 2026

Description

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.

Solutions

samba-upgrade-4_10_15samba-upgrade-4_12_2samba-upgrade-4_11_8

References

CVE-2020-10704
https://attackerkb.com/topics/CVE-2020-10704
https://www.samba.org/samba/security/CVE-2020-10704.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-3135
CWE-674
EUVD-EUVD-2020-3135

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report