9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.017 Low
EPSS
Percentile
87.8%
Multiple format string vulnerabilities in client/client.c in smbclient in
Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to
execute arbitrary code via format string specifiers in a filename.
Author | Note |
---|---|
jdstrand | priority low as the vulnerability is reduced to denial of service due to compiler hardening does not affect 3.0 or 3.3 |
mdeslaur | confirmed trapped by compiler hardening, although could still be a DoS for tools that use smbclient in an automated way, so marking as low priority |