Lucene search

[email protected]CVE-2019-19344

HistoryJan 21, 2020 - 6:15 p.m.

CVE-2019-19344

2020-01-2118:15:00

CWE-416

[email protected]

web.nvd.nist.gov

189

samba

cve-2019-19344

use-after-free

realloc

nvd

security vulnerability

information security

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

72.9%

JSON

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

VendorProductVersionCPE
redhatredhat\\-upgrade\\-tool*cpe:2.3:a:redhat:redhat\\-upgrade\\-tool:*:*:*:*:*:*:*:*
redhatredhat\\-upgrade\\-tool*cpe:2.3:a:redhat:redhat\\-upgrade\\-tool:*:*:*:*:*:*:*:*
redhatredhat\\-upgrade\\-tool*cpe:2.3:a:redhat:redhat\\-upgrade\\-tool:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	redhat\\-upgrade\\-tool	*	cpe:2.3:a:redhat:redhat\\-upgrade\\-tool::::::::
redhat	redhat\\-upgrade\\-tool	*	cpe:2.3:a:redhat:redhat\\-upgrade\\-tool::::::::
redhat	redhat\\-upgrade\\-tool	*	cpe:2.3:a:redhat:redhat\\-upgrade\\-tool::::::::