CLSA-2026-1773050498 Fix CVE(s): CVE-2025-10230

SECURITY UPDATE: remote command execution via unsanitized WINS hook NetBIOS name handling in Samba AD DC - debian/patches/CVE-2025-10230.patch: validate NetBIOS names in source4 WINS hook to prevent shell metacharacter injection - debian/patches/CVE-2025-10230-test.patch: add torture tests for WI...

AZL-69782 CVE-2025-10230 affecting package samba 4.12.5-7

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

CVE-2023-38431

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdusize in ksmbdconnhandlerloop, leading to an out-of-bounds read...

PT-2023-7449 · Canon · I-Sensys C1127I +15

Name of the Vulnerable Software and Affected Versions: Canon imageCLASS series versions prior to firmware Ver.11.04 Canon imageCLASS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier Color imageCLASS LBP660C Series/LBP620C Series/X LBP1127C/MF740C...

SUSE CVE-2017-17083

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer...

VulnCheck KEV: CVE-2018-7445

In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system...

ALPINE-CVE-2020-10745

A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this...

Wireshark 'epan/dissectors/packet-netbios.c' Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in Wireshark 'epan/dissectors/packet-netbios.c'...

The vulnerability of the Windows operating system allows a hacker to intercept network traffic or bypass the Enhanced Protected Mode (EPM) or application’s security mechanisms. As a result, unauthorized content can be displayed in the browser.

The vulnerability of the Windows operating system is related to lack of access control. Exploiting this vulnerability allows a malicious actor to intercept network traffic or bypass the Enhanced Protected Mode EPM or application security mechanisms. As a result, unauthorized content can be...

The vulnerability of the Simatic PCS 7 software allows a remote attacker to compromise the confidentiality of protected information.

The vulnerability exists in Web Navigator of Siemens WinCC due to the different behaviors of NetBIOS user names, depending on whether a user account exists or not. Exploiting this vulnerability allows remote users who have been authenticated to list user accounts using specially crafted URL...

Vulnerability of the Windows operating system and the Internet Explorer browser, allowing attackers to increase their privileges

The vulnerability of the Web Proxy Auto Discovery protocol for the Windows operating system and the Internet Explorer browser is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely by using the NetBIOS name...

samba: remote code execution in nmbd

A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon nmbd. An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges...