Samba SMB1 Out-Of-Bounds Read Information Disclosure Vulnerability

🗓️ 24 May 2023 00:00:00Reported by Luca Moro (@johncool__)Type

zdi🔗 www.zerodayinitiative.com👁 28 Views

Samba SMB1 Out-Of-Bounds Read Information Disclosure Vulnerability. Allows remote attackers to disclose sensitive information on affected installations. Authentication required. Crafted SMB1 command triggers buffer read past the end

Reporter	Title	Published	Views	Family All 228
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Samba shipped with IBM OS Image for Red Hat Enterprise Linux System (CVE-2022-32742)	14 Apr 202318:49	–	ibm
IBM Security Bulletins	Security Bulletin: Samba for IBM i is vulnerable to attacker obtaining sensitive information due to a memory leak with SMB1 requests (CVE-2022-32742)	17 Aug 202214:18	–	ibm
ATTACKERKB	CVE-2022-32742	25 Aug 202218:15	–	attackerkb
Tenable Nessus	Amazon Linux 2022 : samba (ALAS2022-2022-213)	9 Dec 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2023-032)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : samba (ALAS-2023-2166)	26 Jul 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : samba (ALAS-2022-1642)	10 Dec 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0176: samba (ALINUX3-SA-2022:0176)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : samba (ALSA-2022:7111)	25 Oct 202200:00	–	nessus
Tenable Nessus	AlmaLinux 9 : samba (ALSA-2022:8317)	21 Nov 202200:00	–	nessus

Source	Link
samba	www.samba.org/samba/security/CVE-2022-32742.html

24 May 2023 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 35.9

EPSS0.00574