samba: server memory information leak via SMB1

🗓️ 15 Nov 2022 15:20:44Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 4 Views

Samba memory leak exposed via improper range checking in write requests could write server memory contents into files.

Reporter	Title	Published	Views	Family All 228
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Samba shipped with IBM OS Image for Red Hat Enterprise Linux System (CVE-2022-32742)	14 Apr 202318:49	–	ibm
IBM Security Bulletins	Security Bulletin: Samba for IBM i is vulnerable to attacker obtaining sensitive information due to a memory leak with SMB1 requests (CVE-2022-32742)	17 Aug 202214:18	–	ibm
ATTACKERKB	CVE-2022-32742	25 Aug 202218:15	–	attackerkb
Tenable Nessus	Amazon Linux 2022 : samba (ALAS2022-2022-213)	9 Dec 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2023-032)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : samba (ALAS-2023-2166)	26 Jul 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : samba (ALAS-2022-1642)	10 Dec 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0176: samba (ALINUX3-SA-2022:0176)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : samba (ALSA-2022:7111)	25 Oct 202200:00	–	nessus
Tenable Nessus	AlmaLinux 9 : samba (ALSA-2022:8317)	21 Nov 202200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	9	ppc64le	ctdb	0:4.16.4-101.el9	ctdb-0:4.16.4-101.el9.ppc64le.rpm
Red Hat Enterprise Linux	9	s390x	ctdb	0:4.16.4-101.el9	ctdb-0:4.16.4-101.el9.s390x.rpm
Red Hat Enterprise Linux	9	x86_64	ctdb	0:4.16.4-101.el9	ctdb-0:4.16.4-101.el9.x86_64.rpm
Red Hat Enterprise Linux	9	aarch64	ctdb-debuginfo	0:4.16.4-101.el9	ctdb-debuginfo-0:4.16.4-101.el9.aarch64.rpm
Red Hat Enterprise Linux	9	i686	ctdb-debuginfo	0:4.16.4-101.el9	ctdb-debuginfo-0:4.16.4-101.el9.i686.rpm
Red Hat Enterprise Linux	9	ppc64le	ctdb-debuginfo	0:4.16.4-101.el9	ctdb-debuginfo-0:4.16.4-101.el9.ppc64le.rpm
Red Hat Enterprise Linux	9	s390x	ctdb-debuginfo	0:4.16.4-101.el9	ctdb-debuginfo-0:4.16.4-101.el9.s390x.rpm
Red Hat Enterprise Linux	9	x86_64	ctdb-debuginfo	0:4.16.4-101.el9	ctdb-debuginfo-0:4.16.4-101.el9.x86_64.rpm
Red Hat Enterprise Linux	9	aarch64	libsmbclient	0:4.16.4-101.el9	libsmbclient-0:4.16.4-101.el9.aarch64.rpm
Red Hat Enterprise Linux	9	i686	libsmbclient	0:4.16.4-101.el9	libsmbclient-0:4.16.4-101.el9.i686.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2022-32742
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-32742
cve	www.cve.org/CVERecord
samba	www.samba.org/samba/security/CVE-2022-32742.html

26 Dec 2025 15:21Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.14.3

EPSS0.00574

SSVC

Samba memory leak memory exposure improper range checking server memory write file write vulnerability