Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2012-1182 — Improper Handling of Syntactically Invalid Structure in Samba
Severity
10.0CRITICALNVD
EPSS
76.8%
top 1.04%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedApr 10
Latest updateMay 14
Description
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
CVSS vector
AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0
Affected Packages3 packages
🔴Vulnerability Details
2💥Exploits & PoCs
2📋Vendor Advisories
3💬Community
3Bugzilla▶
CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output [fedora-all]↗2012-04-13
Bugzilla▶
CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output [fedora-all]↗2012-04-10
Bugzilla▶
CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output↗2012-03-16