CVE-2008-4314 — Sensitive Information Exposure in Samba

CWE-200 — Sensitive Information Exposure7 documents7 sources

Severity

8.5HIGHNVD

EPSS

12.7%

top 5.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedDec 1

Latest updateMay 2

Description

smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.

CVSS vector

AV:N/AC:L/C:C/I:N/A:PExploitability: 10.0 | Impact: 7.8

Affected Packages3 packages

▶debiandebian/samba< samba 2:3.2.5-1 (bookworm)

▶Debiansamba/samba< 2:3.2.5-1+3

▶NVDsamba/samba10 versions+9

🔴Vulnerability Details

GHSA

GHSA-39jc-3grc-wm33: smbd in Samba 3↗2022-05-02

▶

OSV

CVE-2008-4314: smbd in Samba 3↗2008-12-01

▶

📋Vendor Advisories

Red Hat

samba: arbitrary memory disclosure↗2008-11-27

▶

Ubuntu

Samba vulnerability↗2008-11-27

▶

Debian

CVE-2008-4314: samba - smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrar...↗2008

▶

💬Community

Bugzilla

CVE-2008-4314 samba: arbitrary memory disclosure↗2008-11-19

▶