CVE-2016-0771 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Samba

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

5.9MEDIUMNVD

OSV5.1

EPSS

5.7%

top 9.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedMar 13

Latest updateMay 17

Description

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:HExploitability: 1.6 | Impact: 4.2

Affected Packages4 packages

▶debiandebian/samba< samba 2:4.3.6+dfsg-1 (bookworm)

▶Debiansamba/samba< 2:4.3.6+dfsg-1+3

▶Ubuntusamba/samba< 2:4.1.6+dfsg-1ubuntu2.14.04.13

▶NVDsamba/samba64 versions+63

🔴Vulnerability Details

GHSA

GHSA-mjrq-735v-hm5h: The internal DNS server in Samba 4↗2022-05-17

▶

OSV

CVE-2016-0771: The internal DNS server in Samba 4↗2016-03-13

▶

OSV

samba vulnerabilities↗2016-03-08

▶

📋Vendor Advisories

Red Hat

samba: Out-of-bounds read in internal DNS server↗2016-03-08

▶

Ubuntu

Samba vulnerabilities↗2016-03-08

▶

Debian

CVE-2016-0771: samba - The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x be...↗2016

▶

💬Community

Bugzilla

CVE-2016-0771 samba: Out-of-bounds read in internal DNS server↗2016-02-19

▶