A flaw was found in Samba. The Samba smbd file server must map Windows group identities (SIDs) into Unix group IDs (gids). The code that performs this mapping had a flaw that could allow it to read data beyond the end of the array when a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.
Published 2021-05-05 14:15:08
Updated 2021-06-24 18:30:43
Source Red Hat, Inc.

Threat overview for CVE-2021-20254

Top open port discovered on systems with this issue: 80
IPs affected by CVE-2021-20254: 254,368
Threat actors abusing this issue? Yes

Exploit prediction scoring system (EPSS) score for CVE-2021-20254

0.42%: probability of exploitation activity in the next 30 days
~71%: percentile, the proportion of vulnerabilities that are scored at or below this level

CVSS scores for CVE-2021-20254

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 4.9 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:N | 6.8 | 4.9 | NIST | |
| 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.6 | 5.2 | NIST | |

CWE ids for CVE-2021-20254

  • The product reads data past the end, or before the beginning, of the intended buffer.
    Assigned by: secalert@redhat.com (Primary)
