CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Percentile: 50.4%

Samba is vulnerable to an out-of-bounds read. The vulnerability is in ‘winbindd_pam_auth_crap.c’ and is caused by insufficient length checks, which allow a malicious request to trigger an out-of-bounds read.

Vendor | Product | Version | CPE |
---|---|---|---|
- | samba\ | sid | cpe:2.3:a:-:samba\:sid:2\:4.13.2+dfsg-3:*:*:*:*:*:*:* |
- | samba\ | sid | cpe:2.3:a:-:samba\:sid:2\:4.13.5+dfsg-2:*:*:*:*:*:*:* |
- | samba\ | bullseye | cpe:2.3:a:-:samba\:bullseye:2\:4.13.4+dfsg-1:*:*:*:*:*:*:* |
- | samba\ | bullseye | cpe:2.3:a:-:samba\:bullseye:2\:4.13.5+dfsg-2:*:*:*:*:*:*:* |
- | samba\ | bullseye | cpe:2.3:a:-:samba\:bullseye:2\:4.12.5+dfsg-3:*:*:*:*:*:*:* |
access.redhat.com/errata/RHSA-2023:6667
access.redhat.com/errata/RHSA-2023:7139
access.redhat.com/errata/RHSA-2024:0423
access.redhat.com/errata/RHSA-2024:0580
access.redhat.com/security/cve/CVE-2022-2127
bugzilla.redhat.com/show_bug.cgi?id=2222791
lists.debian.org/debian-lts-announce/2024/04/msg00015.html
lists.fedoraproject.org/archives/list/[email protected]/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/
lists.fedoraproject.org/archives/list/[email protected]/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/
security-tracker.debian.org/tracker/CVE-2022-2127
security.netapp.com/advisory/ntap-20230731-0010/
www.debian.org/security/2023/dsa-5477
www.samba.org/samba/security/CVE-2022-2127.html