8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
36.2%
4.15.9-alt1 built Aug. 15, 2022 Evgeny Sinelnikov in task #302667
July 31, 2022 Evgeny Sinelnikov
- Update to security release of Samba 4.15
- Security fixes:
+ CVE-2022-2031: Samba AD users can bypass certain restrictions associated
with changing passwords (Samba#15047).
+ CVE-2022-32744: Samba AD users can forge password change requests for any
user (Samba#15074).
+ CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
or modify request (Samba#15008).
+ CVE-2022-32746: Samba AD users can induce a use-after-free in the server
process with an LDAP add or modify request (Samba#15009).
+ CVE-2022-32742: Server memory information leak via SMB1 (Samba#15085).