CVE-2017-15275Improper Restriction of Operations within the Bounds of a Memory Buffer in Samba

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer14 documents10 sources
Severity
7.5HIGHNVD
OSV9.8
EPSS
43.3%
top 2.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
SambaDebian SambaCanonical Ubuntu Linux+7 more
Timeline
PublishedNov 27
Latest updateDec 29

Description

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

NVDsamba/samba3.6.04.5.15+2
debiandebian/samba< samba 2:4.7.1+dfsg-2 (bookworm)
Debiansamba/samba< 2:4.7.1+dfsg-2+3
Ubuntusamba/samba< 2:4.3.11+dfsg-0ubuntu0.14.04.13+1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.04, 17.10

🔴Vulnerability Details

3
GHSA
GHSA-3rgf-xqhg-x97j: Samba before 42022-05-14
OSV
CVE-2017-15275: Samba before 42017-11-27
OSV
samba vulnerabilities2017-11-21

📋Vendor Advisories

5
Ubuntu
Samba vulnerabilities2017-11-21
Red Hat
samba: Server heap-memory disclosure2017-11-21
Ubuntu
Samba vulnerability2017-11-21
Microsoft
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.2017-11-14
Debian
CVE-2017-15275: samba - Samba before 4.7.3 might allow remote attackers to obtain sensitive information ...2017

🕵️Threat Intelligence

2
Crowdstrike
Trying to Dance the Samba: An Exercise in Weaponizing Vulnerabilities
Crowdstrike
Trying to Dance the Samba: An Exercise in Weaponizing Vulnerabilities

📄Research Papers

1
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware2022-12-29

💬Community

2
Bugzilla
CVE-2017-14746 CVE-2017-15275 samba: various flaws [fedora-all]2017-11-21
Bugzilla
CVE-2017-15275 samba: Server heap-memory disclosure2017-11-13
CVE-2017-15275 — Samba vulnerability | cvebase