CVE-2012-0817 — Sensitive Information Exposure in Samba

CWE-200 — Sensitive Information Exposure CWE-401 — Missing Release of Memory after Effective Lifetime7 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

7.5%

top 8.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedJan 30

Latest updateMay 14

Description

Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/samba< samba 2:3.6.3-1 (bookworm)

▶Debiansamba/samba< 2:3.6.3-1+3

▶NVDsamba/samba3.6.0, 3.6.1, 3.6.2+2

Patches

Patch: www.samba.org ↗Patch: www.samba.org ↗

🔴Vulnerability Details

GHSA

GHSA-mx9r-cchq-6rp6: Memory leak in smbd in Samba 3↗2022-05-14

▶

OSV

CVE-2012-0817: Memory leak in smbd in Samba 3↗2012-01-30

▶

📋Vendor Advisories

Red Hat

samba: DoS (smbd crash) due memory leak in management of fds for socket connections↗2012-01-29

▶

Debian

CVE-2012-0817: samba - Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause...↗2012

▶

💬Community

Bugzilla

CVE-2012-0817 samba: DoS (smbd crash) due memory leak in management of fds for socket connections↗2012-01-30

▶

Bugzilla

CVE-2012-0817 samba: DoS (smbd crash) due memory leak in management of fds for socket connections [fedora-16]↗2012-01-30

▶