CVE-2015-5330: Sensitive Information Exposure in Samba

Severity
NVD: 7.5 HIGH
OSV: 5.3
EPSS: 1.6% (top 18.11%)
CISA KEV: Not in KEV
Exploit: No known exploits

Affected products

Timeline
Published: Dec 29
Latest update: May 17

Description

ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (5 packages)

Ecosystem | Package | Affected versions
debian | debian/samba | < ldb 2:1.1.24-1 (bullseye)
Debian | samba/samba | < 2:4.1.22+dfsg-1+3
Ubuntu | samba/samba | < 2:4.1.6+dfsg-1ubuntu2.14.04.11+1
NVD | samba/samba | 57 versions
debian | debian/ldb | < ldb 2:1.1.24-1 (bullseye)

🔴 Vulnerability Details (5)

Source | Title | Date
GHSA | GHSA-r5pq-r3w3-76q7: ldb before 1 | 2022-05-17
OSV | samba regression | 2016-02-16
OSV | samba vulnerabilities | 2016-01-05
OSV | ldb vulnerabilities | 2016-01-05
OSV | CVE-2015-5330: ldb before 1 | 2015-12-29

📋 Vendor Advisories (5)

Source | Title | Date
Ubuntu | Samba regression | 2016-02-16
Ubuntu | ldb vulnerabilities | 2016-01-05
Ubuntu | Samba vulnerabilities | 2016-01-05
Red Hat | libldb: remote memory read in the Samba LDAP server | 2015-12-16
Debian | CVE-2015-5330: ldb - ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2... | 2015

💬 Community (2)

Source | Title | Date
Bugzilla | CVE-2015-5330 libldb: samba: Remote memory read in Samba LDAP server [fedora-all] | 2015-12-16
Bugzilla | CVE-2015-5330 samba, libldb: remote memory read in the Samba LDAP server | 2015-11-12