CVE-2014-0244 — Improper Input Validation in Samba

CWE-20 — Improper Input Validation9 documents7 sources

Severity

3.3LOWNVD

OSV3.5

EPSS

20.0%

top 4.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedJun 23

Latest updateMay 14

Description

The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 6.5 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/samba< samba 2:4.1.9+dfsg-1 (bookworm)

▶Debiansamba/samba< 2:4.1.9+dfsg-1+3

▶Ubuntusamba/samba< 2:4.1.6+dfsg-1ubuntu2.14.04.2

▶NVDsamba/samba52 versions+51

🔴Vulnerability Details

GHSA

GHSA-5j3x-73cr-cpg5: The sys_recvfrom function in nmbd in Samba 3↗2022-05-14

▶

OSV

samba vulnerabilities↗2014-06-26

▶

OSV

CVE-2014-0244: The sys_recvfrom function in nmbd in Samba 3↗2014-06-23

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2014-06-26

▶

Red Hat

samba: nmbd denial of service↗2014-06-12

▶

Debian

CVE-2014-0244: samba - The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0...↗2014

▶

💬Community

Bugzilla

CVE-2014-0244 CVE-2014-3493 samba: various flaws [fedora-all]↗2014-06-23

▶

Bugzilla

CVE-2014-0244 samba: nmbd denial of service↗2014-05-14

▶