CVE-2011-0719 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Samba

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

10.3%

top 6.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedMar 1

Latest updateMay 14

Description

Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/samba< samba 2:3.5.7~dfsg-1 (bookworm)

▶Debiansamba/samba< 2:3.5.7~dfsg-1+3

▶NVDsamba/samba104 versions+103

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-px2g-jrgw-pwrg: Samba 3↗2022-05-14

▶

OSV

CVE-2011-0719: Samba 3↗2011-03-01

▶

📋Vendor Advisories

Red Hat

Samba unsafe fd_set usage↗2011-02-28

▶

Ubuntu

Samba vulnerability↗2011-02-28

▶

Debian

CVE-2011-0719: samba - Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not pe...↗2011

▶

💬Community

Bugzilla

CVE-2011-0719 Samba unsafe fd_set usage [fedora-all]↗2011-03-03

▶

Bugzilla

CVE-2011-0719 Samba unsafe fd_set usage↗2011-02-17

▶