CVE-2015-3223 — Infinite Loop in Samba

CWE-189 CWE-399 CWE-835 — Infinite Loop13 documents7 sources

Severity

5.3MEDIUMNVD

EPSS

20.3%

top 4.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian LDB Debian Samba

Timeline

PublishedDec 29

Latest updateMay 17

Description

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶debiandebian/samba< ldb 2:1.1.24-1 (bullseye)

▶Debiansamba/samba< 2:4.1.22+dfsg-1+3

▶Ubuntusamba/samba< 2:4.1.6+dfsg-1ubuntu2.14.04.11+1

▶NVDsamba/samba57 versions+56

▶debiandebian/ldb< ldb 2:1.1.24-1 (bullseye)

🔴Vulnerability Details

GHSA

GHSA-mfhq-m29x-g5ww: The ldb_wildcard_compare function in ldb_match↗2022-05-17

▶

OSV

samba regression↗2016-02-16

▶

OSV

samba vulnerabilities↗2016-01-05

▶

OSV

ldb vulnerabilities↗2016-01-05

▶

OSV

CVE-2015-3223: The ldb_wildcard_compare function in ldb_match↗2015-12-29

▶

📋Vendor Advisories

Ubuntu

Samba regression↗2016-02-16

▶

Ubuntu

ldb vulnerabilities↗2016-01-05

▶

Ubuntu

Samba vulnerabilities↗2016-01-05

▶

Red Hat

libldb: Remote DoS in Samba (AD) LDAP server↗2015-12-16

▶

Debian

CVE-2015-3223: ldb - The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used i...↗2015

▶

💬Community

Bugzilla

CVE-2015-5299 CVE-2015-7540 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 samba: various flaws [fedora-all]↗2015-12-16

▶

Bugzilla

CVE-2015-3223 libldb: Remote DoS in Samba (AD) LDAP server↗2015-12-10

▶