9 matches found

OSV
added 2026/03/09 10:1 a.m. · 3 views

CLSA-2026-1773050498 Fix CVE(s): CVE-2025-10230

SECURITY UPDATE: remote command execution via unsanitized WINS hook NetBIOS name handling in Samba AD DC - debian/patches/CVE-2025-10230.patch: validate NetBIOS names in source4 WINS hook to prevent shell metacharacter injection - debian/patches/CVE-2025-10230-test.patch: add torture tests for WI...

CVSS 10 · AI score 7.6 · EPSS 0.00486
Exploits 2 · References 1

OSV
added 2025/11/07 8:15 p.m. · 1 view

AZL-69782 CVE-2025-10230 affecting package samba 4.12.5-7

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

CVSS 10 · AI score 7.5 · EPSS 0.00486
Exploits 2 · References 1

ATTACKERKB
added 2023/07/18 12:15 a.m. · 0 views

CVE-2023-38431

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read...

CVSS 9.1 · AI score 6.8 · EPSS 0.0008
Exploits 0 · References 4

Positive Technologies
added 2023/05/04 12:0 a.m. · 3 views

PT-2023-7449 · Canon · I-Sensys C1127I +15

Name of the Vulnerable Software and Affected Versions: Canon imageCLASS series versions prior to firmware Ver.11.04 Canon imageCLASS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier Color imageCLASS LBP660C Series/LBP620C Series/X LBP1127C/MF740C...

CVSS 9.8 · AI score 9.7 · EPSS 0.01206
Exploits 0 · References 10

SUSE CVE
added 2023/02/15 4:37 a.m. · 1 view

SUSE CVE-2017-17083

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer...

CVSS 5.3 · AI score 6.8 · EPSS 0.00918
Exploits 0 · References 5

VulnCheck KEV
added 2020/12/01 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2018-7445

In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system...

CVSS 10 · AI score 8.2 · EPSS 0.87557
Exploits 7 · References 1

OSV
added 2020/07/07 2:15 p.m. · 1 view

ALPINE-CVE-2020-10745

A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBIOS over TCP/IP. This flaw allows a remote attacker to cause the Samba server to consume excessive CPU, resulting in a denial of service. The highest threat from this...

CVSS 7.5 · AI score 6.6 · EPSS 0.19658
Exploits 0 · References 1

CNVD
added 2017/12/04 12:0 a.m. · 1 view

Wireshark 'epan/dissectors/packet-netbios.c' Denial of Service Vulnerability

Wireshark (formerly known as Ethereal) is a network packet analyzer developed by the Wireshark team. It captures network packets and displays detailed data for analysis. A denial of service vulnerability exists in Wireshark 'epan/dissectors/packet-netbios.c'...

CVSS 7.5 · AI score 6.7 · EPSS 0.00918
Exploits 0 · References 1

RedHat Linux
added 2014/08/05 8:0 p.m. · 3 views

samba: remote code execution in nmbd

A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon nmbd. An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges...

CVSS 7.9 · AI score 8 · EPSS 0.71948
Exploits 0 · References 5