CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.004 Low
Percentile: 70.5%

Samba is vulnerable to denial of service (DoS) attacks. The library fails to guard against integer overflows when parsing a PAC (Privilege Attribute Certificate) on a 32-bit system, which allows an attacker with a forged PAC to corrupt the heap.
bugzilla.samba.org/show_bug.cgi?id=15203
github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c
github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583
security-tracker.debian.org/tracker/CVE-2022-42898
security.gentoo.org/glsa/202309-06
security.gentoo.org/glsa/202310-06
security.netapp.com/advisory/ntap-20230216-0008/
security.netapp.com/advisory/ntap-20230223-0001/
web.mit.edu/kerberos/advisories/
web.mit.edu/kerberos/krb5-1.19/
web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt
www.samba.org/samba/security/CVE-2022-42898.html