CVE-2021-20254

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-20254

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20254.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-20254

Downstream

ALPINE-CVE-2021-20254

DEBIAN-CVE-2021-20254

DLA-2668-1

OESA-2021-1207

RHSA-2021:2313

RHSA-2021:3723

RHSA-2021:3724

RHSA-2021:3988

RHSA-2021:4058

RHSA-2021:4866

SUSE-SU-2021:1438-1

SUSE-SU-2021:1439-1

SUSE-SU-2021:1440-1

SUSE-SU-2021:1442-1

SUSE-SU-2021:1444-1

SUSE-SU-2021:1445-1

SUSE-SU-2021:14709-1

SUSE-SU-2021:1492-1

SUSE-SU-2021:1498-1

SUSE-SU-2021:3187-1

SUSE-SU-2022:0361-1

UBUNTU-CVE-2021-20254

USN-4930-1

USN-4931-1

openSUSE-SU-2021:0636-1

openSUSE-SU-2021:3187-1

openSUSE-SU-2024:11365-1

Related

Published

2021-05-05T14:15:07Z

Modified

2025-10-15T04:33:30Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

References

Affected packages

Git / github.com/samba-team/samba

Affected ranges

Type: GIT
Repo: https://github.com/samba-team/samba
Events: Introduced

b1d9ddf738c6e59e489bc9c339ce6de5988b689e

Fixed

703c6301013f78e80882abfe8375d6a45a176b7f