CVE-2017-12163
Severity
7.1HIGH
EPSS
41.4%
top 2.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedJul 26
Latest updateMay 13
Description
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
CVSS vector
CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:NExploitability: 1.5 | Impact: 2.5
Affected Packages8 packages
Also affects: Debian Linux 8.0, 9.0
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-hvhw-9wrg-hf3q: An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4↗2022-05-13
CVEList▶
CVE-2017-12163: An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4↗2018-07-26
OSV▶
CVE-2017-12163: An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4↗2018-07-26
📋Vendor Advisories
5Red Hat
▶
Debian▶
CVE-2017-12163: samba - An information leak flaw was found in the way SMB1 protocol was implemented by S...↗2017
💬Community
3Bugzilla▶
CVE-2017-15087 samba: Server memory information leak over SMB1 (incomplete fix for CVE-2017-12163)↗2017-10-24
Bugzilla
▶