A denial of service vulnerability was discovered in Sambas LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Samba | Samba | 4.0.0 (including) | 4.7.12 (excluding) |
Samba | Samba | 4.8.0 (including) | 4.8.7 (excluding) |
Samba | Samba | 4.8.8 (including) | 4.9.3 (excluding) |