Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:42483
HistoryAug 06, 2023 - 10:29 p.m.

Out-of-bounds Read

2023-08-0622:29:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
samba
out-of-bounds read
winbindd_pam_auth_crap.c

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

50.4%

samba is vulnerable to Out-of-bounds Read. The vulnerability is found within ‘winbindd_pam_auth_crap.c’ and occurs due to insufficient length checks resulting in a malicious request to trigger an out-of-bounds read.

Affected configurations

Vulners
Node
-samba\Matchsid2\4.13.2+dfsg-3
OR
-samba\Matchsid2\4.13.5+dfsg-2
OR
-samba\Matchbullseye2\4.13.4+dfsg-1
OR
-samba\Matchbullseye2\4.13.5+dfsg-2
OR
-samba\Matchbullseye2\4.12.5+dfsg-3
OR
-samba\Matchsid2\4.13.2+dfsg-3
OR
-samba\Matchsid2\4.13.5+dfsg-2
OR
-samba\Matchbullseye2\4.13.4+dfsg-1
OR
-samba\Matchbullseye2\4.13.5+dfsg-2
OR
-samba\Matchbullseye2\4.12.5+dfsg-3
VendorProductVersionCPE
-samba\sidcpe:2.3:a:-:samba\:sid:2\:4.13.2+dfsg-3:*:*:*:*:*:*:*
-samba\sidcpe:2.3:a:-:samba\:sid:2\:4.13.5+dfsg-2:*:*:*:*:*:*:*
-samba\bullseyecpe:2.3:a:-:samba\:bullseye:2\:4.13.4+dfsg-1:*:*:*:*:*:*:*
-samba\bullseyecpe:2.3:a:-:samba\:bullseye:2\:4.13.5+dfsg-2:*:*:*:*:*:*:*
-samba\bullseyecpe:2.3:a:-:samba\:bullseye:2\:4.12.5+dfsg-3:*:*:*:*:*:*:*

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

50.4%