CVE-2013-4408Improper Restriction of Operations within the Bounds of a Memory Buffer in Samba

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-130Improper Handling of Length Parameter InconsistencyCWE-122Heap-based Buffer Overflow8 documents7 sources
Severity
8.3HIGHNVD
EPSS
2.9%
top 13.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SambaDebian Samba
Timeline
PublishedDec 10
Latest updateMay 17

Description

Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.

CVSS vector

AV:A/AC:L/C:C/I:C/A:CExploitability: 6.5 | Impact: 10.0

Affected Packages3 packages

debiandebian/samba< samba 2:4.0.13+dfsg-1 (bookworm)
Debiansamba/samba< 2:4.0.13+dfsg-1+3
NVDsamba/samba165 versions+164

🔴Vulnerability Details

2
GHSA
GHSA-vwx5-5c9r-mmrh: Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util2022-05-17
OSV
CVE-2013-4408: Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util2013-12-10

📋Vendor Advisories

3
Ubuntu
Samba vulnerabilities2013-12-11
Red Hat
samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check2013-12-09
Debian
CVE-2013-4408: samba - Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in libr...2013

💬Community

2
Bugzilla
CVE-2013-4408 samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check [fedora-all]2013-12-09
Bugzilla
CVE-2013-4408 samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check2013-10-11