What is CVE-2020-14383?

CVE-2020-14383 is a medium-severity vulnerability in Samba, classified under CWE-391. CVSS score: 6.5/10. Published 2020-12-02.

How severe is CVE-2020-14383?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2020-14383 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Samba

CVE-2020-14383

A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an a…

EPSS: 0.022 (80.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Samba
Redhat Enterprise_linux — versions 8.0
N/a Samba — versions samba 4.11.15, samba 4.12.9, samba 4.13.1

Weakness classification (CWE)

CWE-391

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

secalert@redhat.com (Patch, Third Party Advisory, Issue Tracking)
secalert@redhat.com (Vendor Advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory)
secalert@redhat.com (mailing-list)

Frequently asked questions

What is CVE-2020-14383?: CVE-2020-14383 is a medium-severity vulnerability in Samba, classified under CWE-391. CVSS score: 6.5/10. Published 2020-12-02.
How severe is CVE-2020-14383?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2020-14383 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.