{"id":"CVE-2021-3670","details":"MaxQueryDuration not honoured in Samba AD DC LDAP","modified":"2026-04-11T16:26:25.046321Z","published":"2022-08-23T16:15:09.393Z","related":["CGA-gcrh-2xg6-prg3","SUSE-SU-2022:1576-1","SUSE-SU-2022:2307-1","openSUSE-SU-2024:11882-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202309-06"},{"type":"FIX","url":"https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f"},{"type":"FIX","url":"https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393"},{"type":"FIX","url":"https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803"},{"type":"FIX","url":"https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2077533"},{"type":"FIX","url":"https://bugzilla.samba.org/show_bug.cgi?id=14694"},{"type":"FIX","url":"https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002"},{"type":"FIX","url":"https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b"},{"type":"FIX","url":"https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/samba-team/samba","events":[{"introduced":"a6fb418be7adccdd583a3b489b58023cfdd392ef"},{"fixed":"e95d85f784ae6b19f2cb42cc9039b60b146e5b69"},{"introduced":"0"},{"last_affected":"4fba936a8ab9afbdb7eaf2789d57850fbec35a77"},{"fixed":"1d5b155619bc532c46932965b215bd73a920e56f"},{"fixed":"2b3af3b560c9617a233c131376c870fce146c002"},{"fixed":"3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393"},{"fixed":"5f0590362c5c0c5ee20503a67467f9be2d50e73b"},{"fixed":"86fe9d48883f87c928bf31ccbd275db420386803"},{"fixed":"dcfcafdbf756e12d9077ad7920eea25478c29f81"},{"fixed":"e1ab0c43629686d1d2c0b0b2bcdc90057a792049"}],"database_specific":{"versions":[{"introduced":"4.1.0"},{"fixed":"4.16.0"},{"introduced":"0"},{"last_affected":"3.0"}]}}],"versions":["ldb-1.1.0","ldb-1.1.10","ldb-1.1.11","ldb-1.1.12","ldb-1.1.13","ldb-1.1.14","ldb-1.1.15","ldb-1.1.16","ldb-1.1.17","ldb-1.1.18","ldb-1.1.19","ldb-1.1.2","ldb-1.1.20","ldb-1.1.21","ldb-1.1.22","ldb-1.1.23","ldb-1.1.25","ldb-1.1.26","ldb-1.1.27","ldb-1.1.28","ldb-1.1.29","ldb-1.1.3","ldb-1.1.30","ldb-1.1.31","ldb-1.1.4","ldb-1.1.5","ldb-1.1.6","ldb-1.1.8","ldb-1.1.9","ldb-1.2.0","ldb-1.2.1","ldb-1.2.2","ldb-1.3.0","ldb-1.3.1","ldb-1.3.2","ldb-1.4.0","ldb-1.4.1","ldb-1.5.0","ldb-1.5.1","ldb-1.5.2","ldb-1.6.1","ldb-1.6.2","ldb-1.6.3","ldb-2.0.5","ldb-2.1.0","ldb-2.1.1","ldb-2.2.0","ldb-2.4.0","ldb-2.5.0","samba-4.0.0alpha10","samba-4.0.0alpha17","samba-4.0.0alpha18","samba-4.0.0alpha19","samba-4.0.0alpha20","samba-4.0.0alpha21","samba-4.0.0alpha6","samba-4.0.0alpha7","samba-4.0.0alpha8","samba-4.0.0alpha9","samba-4.0.0beta1","samba-4.0.0beta2","samba-4.0.0beta3","samba-4.0.0beta4","samba-4.0.0beta5","samba-4.0.0beta6","samba-4.0.0beta7","samba-4.0.0beta8","samba-4.0.0rc1","samba-4.10.0rc1","samba-4.11.0rc1","samba-4.12.0rc1","samba-4.13.0rc1","samba-4.14.0rc1","samba-4.15.0rc1","samba-4.16.0rc1","samba-4.16.0rc2","samba-4.16.0rc3","samba-4.16.0rc4","samba-4.16.0rc5","samba-4.2.0rc1","samba-4.3.0rc1","samba-4.4.0rc1","samba-4.5.0rc1","samba-4.6.0rc1","samba-4.7.0rc1","samba-4.8.0rc1","samba-4.9.0rc1","samba-misc-tags/samba-3-0-split","talloc-1.3.1","talloc-2.0.0","talloc-2.0.7","talloc-2.0.8","talloc-2.1.0","talloc-2.1.1","talloc-2.1.10","talloc-2.1.11","talloc-2.1.12","talloc-2.1.13","talloc-2.1.14","talloc-2.1.15","talloc-2.1.16","talloc-2.1.2","talloc-2.1.3","talloc-2.1.4","talloc-2.1.5","talloc-2.1.6","talloc-2.1.7","talloc-2.1.8","talloc-2.1.9","talloc-2.2.0","talloc-2.3.0","talloc-2.3.1","talloc-2.3.2","talloc-2.3.3","tdb-1.1.5","tdb-1.2.0","tdb-1.2.1","tdb-1.2.10","tdb-1.2.11","tdb-1.2.12","tdb-1.2.13","tdb-1.3.0","tdb-1.3.1","tdb-1.3.10","tdb-1.3.11","tdb-1.3.12","tdb-1.3.13","tdb-1.3.14","tdb-1.3.15","tdb-1.3.16","tdb-1.3.17","tdb-1.3.18","tdb-1.3.2","tdb-1.3.3","tdb-1.3.4","tdb-1.3.5","tdb-1.3.6","tdb-1.3.7","tdb-1.3.8","tdb-1.3.9","tdb-1.4.0","tdb-1.4.1","tdb-1.4.2","tdb-1.4.3","tdb-1.4.4","tdb-1.4.5","tdb-1.4.6","tevent-0.10.0","tevent-0.10.1","tevent-0.10.2","tevent-0.11.0","tevent-0.9.11","tevent-0.9.12","tevent-0.9.13","tevent-0.9.14","tevent-0.9.15","tevent-0.9.16","tevent-0.9.17","tevent-0.9.18","tevent-0.9.19","tevent-0.9.20","tevent-0.9.21","tevent-0.9.22","tevent-0.9.23","tevent-0.9.24","tevent-0.9.25","tevent-0.9.26","tevent-0.9.27","tevent-0.9.28","tevent-0.9.29","tevent-0.9.30","tevent-0.9.31","tevent-0.9.32","tevent-0.9.33","tevent-0.9.34","tevent-0.9.35","tevent-0.9.36","tevent-0.9.37","tevent-0.9.38","tevent-0.9.39","tevent-0.9.8"],"database_specific":{"vanir_signatures_modified":"2026-04-11T16:26:25Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3670.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"35"}]}],"vanir_signatures":[{"source":"https://gitlab.com/samba-team/samba@5f0590362c5c0c5ee20503a67467f9be2d50e73b","signature_type":"Function","id":"CVE-2021-3670-004ee273","signature_version":"v1","digest":{"function_hash":"140660789039839351933530232508196067908","length":935},"deprecated":false,"target":{"function":"anr_search","file":"source4/dsdb/samdb/ldb_modules/anr.c"}},{"source":"https://gitlab.com/samba-team/samba@5f0590362c5c0c5ee20503a67467f9be2d50e73b","signature_type":"Function","id":"CVE-2021-3670-1ef5abed","signature_version":"v1","digest":{"function_hash":"255573346019232468578895413180855613080","length":2216},"deprecated":false,"target":{"function":"anr_replace_value","file":"source4/dsdb/samdb/ldb_modules/anr.c"}},{"source":"https://gitlab.com/samba-team/samba@86fe9d48883f87c928bf31ccbd275db420386803","signature_type":"Line","id":"CVE-2021-3670-2f8f1b01","signature_version":"v1","digest":{"line_hashes":["257134383621022180430341517228613950352","13476101461585947304094556437473517451","312115836377266472331192355368425254815","260739068273728120731299785846177563543"],"threshold":0.9},"deprecated":false,"target":{"file":"source4/ldap_server/ldap_backend.c"}},{"source":"https://gitlab.com/samba-team/samba@5f0590362c5c0c5ee20503a67467f9be2d50e73b","signature_type":"Line","id":"CVE-2021-3670-5c82a259","signature_version":"v1","digest":{"line_hashes":["324477994679950957093285663870802509335","242267878449314875707237900273356096250","19651545433478516557128511553831751186","65821411574943233752092281383074872630","76254669471676968810860169280674545496","302661813607275910960241899858841372754","200080601591592802173837568135868637899","279329746248371453131091738248744253209","87886221824957599593084516043584579448","143117416240118726873643849046101757072","32701588612259651543972535819867335800","185589566910956787059550230233129583079","153591063604456870132051993121410524252","90949915423991205979513410439232704214","332025814898088604940636666944521920896","205751465568570807924783170887702722142","34940777225048522061248372682250961343","207540546163165694874432507191338010965","310325566523452142079002333661793146021","217518706006208338750963518948218872418","171959355562658611312464847784055768315","260056859722301846205037420720106829515","317378505311345154423953390592249495668","309742553583687732162641109620997909167","91075003706424088633163938955464850994","302253275304262939285676993052350762791"],"threshold":0.9},"deprecated":false,"target":{"file":"source4/dsdb/samdb/ldb_modules/anr.c"}},{"source":"https://gitlab.com/samba-team/samba@1d5b155619bc532c46932965b215bd73a920e56f","signature_type":"Function","id":"CVE-2021-3670-62a8fa67","signature_version":"v1","digest":{"function_hash":"287276421860959349071956566256636628235","length":2852},"deprecated":false,"target":{"function":"ldb_kv_index_filter","file":"lib/ldb/ldb_key_value/ldb_kv_index.c"}},{"source":"https://gitlab.com/samba-team/samba@3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393","signature_type":"Line","id":"CVE-2021-3670-92254231","signature_version":"v1","digest":{"line_hashes":["218201847973535123329140390700765324751","281379334324529194928912683907972957863","174038611912692203196093682464624957641","60998398758963538646530442529824592592","289905422911420284674574959563452872665","130008625861187377466101077582418937003","96873372489111151905689643007277034986","229178738965478370924747026171042925224","237578600856601424233301027893482160355","205224528761393629278556547248869057867","325266253554212192929907609581049922358","25258794814446549928341982793730193517","140413815498218854978550392315176288580","81293539408077020001411347930928800831","312325968061043476524968627353274755635","102430271227577454924747232817431020121","273872236034109415382895794928780633571","176394382257109716292160147901631347823","273850490611746722339073394225520658707","196150090400653932612991175012158906592","221873561809706188486128670448941246548","152299578466332906301402008075328210292","60892262913314871771861611725311137405","100590686074072529830138597219519603649","197911408618666002582359978551398579965","49452945404467118829034363077388248868","231357288427760380024530606264851233712","39789280061827802750913741945794483554","66761077502144228165272793566069537195","269661626490697789572125348069785332424","288403087518499101037668638409477412703","2547436616698624026103990145084573592"],"threshold":0.9},"deprecated":false,"target":{"file":"source4/ldap_server/ldap_backend.c"}},{"source":"https://gitlab.com/samba-team/samba@e1ab0c43629686d1d2c0b0b2bcdc90057a792049","signature_type":"Line","id":"CVE-2021-3670-9362bf86","signature_version":"v1","digest":{"line_hashes":["40839706673654048185466208915382149063","60890190840696162188971859196099900997","288072475795060836316624145659723637940","8944997256934763403811087795108325986"],"threshold":0.9},"deprecated":false,"target":{"file":"source4/ldap_server/ldap_server.c"}},{"source":"https://gitlab.com/samba-team/samba@2b3af3b560c9617a233c131376c870fce146c002","signature_type":"Function","id":"CVE-2021-3670-98999087","signature_version":"v1","digest":{"function_hash":"75883391030975542610980306216619218978","length":5202},"deprecated":false,"target":{"function":"ldapsrv_SearchRequest","file":"source4/ldap_server/ldap_backend.c"}},{"source":"https://gitlab.com/samba-team/samba@3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393","signature_type":"Function","id":"CVE-2021-3670-9b007292","signature_version":"v1","digest":{"function_hash":"312889073029742577458622498784077156536","length":5036},"deprecated":false,"target":{"function":"ldapsrv_SearchRequest","file":"source4/ldap_server/ldap_backend.c"}},{"source":"https://gitlab.com/samba-team/samba@1d5b155619bc532c46932965b215bd73a920e56f","signature_type":"Function","id":"CVE-2021-3670-c118f41d","signature_version":"v1","digest":{"function_hash":"144893149862373196283408976404927854247","length":1600},"deprecated":false,"target":{"function":"ldb_kv_handle_request","file":"lib/ldb/ldb_key_value/ldb_kv.c"}},{"source":"https://gitlab.com/samba-team/samba@1d5b155619bc532c46932965b215bd73a920e56f","signature_type":"Line","id":"CVE-2021-3670-dd5ca07d","signature_version":"v1","digest":{"line_hashes":["17857222310924995007308719621498355818","46590608395811176103060573385616707823","263306912463245318381269086227111843722"],"threshold":0.9},"deprecated":false,"target":{"file":"lib/ldb/ldb_key_value/ldb_kv.c"}},{"source":"https://gitlab.com/samba-team/samba@1d5b155619bc532c46932965b215bd73a920e56f","signature_type":"Line","id":"CVE-2021-3670-dddd5d7c","signature_version":"v1","digest":{"line_hashes":["148381618686401899059581758031761777034","197434684616686294709033288024340743159","197671131302392094856960182701122643569"],"threshold":0.9},"deprecated":false,"target":{"file":"lib/ldb/ldb_key_value/ldb_kv.h"}},{"source":"https://gitlab.com/samba-team/samba@2b3af3b560c9617a233c131376c870fce146c002","signature_type":"Line","id":"CVE-2021-3670-e1c644fb","signature_version":"v1","digest":{"line_hashes":["235999378289500362597579037067512031739","315251787968051704566018217247560059188","127654405680441790211923946727701043833","102801648280075382797125825000104788923","159904073462860710039947041787185882941","90928131352697353845497445811552322227"],"threshold":0.9},"deprecated":false,"target":{"file":"source4/ldap_server/ldap_backend.c"}},{"source":"https://gitlab.com/samba-team/samba@86fe9d48883f87c928bf31ccbd275db420386803","signature_type":"Function","id":"CVE-2021-3670-e71645fa","signature_version":"v1","digest":{"function_hash":"159144265889207250205492569203344588741","length":5056},"deprecated":false,"target":{"function":"ldapsrv_SearchRequest","file":"source4/ldap_server/ldap_backend.c"}},{"source":"https://gitlab.com/samba-team/samba@1d5b155619bc532c46932965b215bd73a920e56f","signature_type":"Line","id":"CVE-2021-3670-f2569e43","signature_version":"v1","digest":{"line_hashes":["50741826844135751197142997959541974871","309816296243692156798292312336275063467","195443582228015611251250553482872926391","139393169712159050866246536090152323732"],"threshold":0.9},"deprecated":false,"target":{"file":"lib/ldb/ldb_key_value/ldb_kv_index.c"}},{"source":"https://gitlab.com/samba-team/samba@e1ab0c43629686d1d2c0b0b2bcdc90057a792049","signature_type":"Function","id":"CVE-2021-3670-f7dd0070","signature_version":"v1","digest":{"function_hash":"44707187084874118835357391961185125928","length":2352},"deprecated":false,"target":{"function":"ldapsrv_load_limits","file":"source4/ldap_server/ldap_server.c"}},{"source":"https://gitlab.com/samba-team/samba@1d5b155619bc532c46932965b215bd73a920e56f","signature_type":"Line","id":"CVE-2021-3670-f83b69ed","signature_version":"v1","digest":{"line_hashes":["11705995154376806848434841801717341697","221409456339033386220210798989837168577","157079551000249142525381758350114164854","93105929662749977529050128861074723736","140088116546578434859642656168664215788","218030418042385924116130091688758088640","335894730469423328007936089752353319672"],"threshold":0.9},"deprecated":false,"target":{"file":"lib/ldb/ldb_key_value/ldb_kv_search.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}