CVE-2017-15275
Published: 2017-11-27
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
Priority: P3 · 51 · high
CVSS 3.1: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 21.41% (97.3th percentile)
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | samba | < samba 2:4.7.1+dfsg-2 (bookworm) | samba 2:4.7.1+dfsg-2 (bookworm) |
| msrc | azl3_samba_4.18.3-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| samba | samba | >= 0 < 2:4.7.1+dfsg-2 | 2:4.7.1+dfsg-2 |
| samba | samba | >= 0 < 2:4.7.1+dfsg-2 | 2:4.7.1+dfsg-2 |
| samba | samba | >= 0 < 2:4.7.1+dfsg-2 | 2:4.7.1+dfsg-2 |
| samba | samba | >= 0 < 2:4.7.1+dfsg-2 | 2:4.7.1+dfsg-2 |
| samba | samba | >= 0 < 2:4.3.11+dfsg-0ubuntu0.14.04.13 | 2:4.3.11+dfsg-0ubuntu0.14.04.13 |
| samba | samba | >= 0 < 2:4.3.11+dfsg-0ubuntu0.16.04.12 | 2:4.3.11+dfsg-0ubuntu0.16.04.12 |
| samba | samba | >= 3.6.0 < 4.5.15 | 4.5.15 |
| samba | samba | >= 4.6.0 < 4.6.11 | 4.6.11 |
| samba | samba | >= 4.7.0 < 4.7.3 | 4.7.3 |
CVSS provenance
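| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |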
Ubuntu
Samba vulnerabilities
vendor_ubuntu·2017-11-21·CVSS 9.8
CVE-2017-14746 [CRITICAL] Samba vulnerabilities
Title: Samba vulnerabilities
Summary: Several security issues were fixed in Samba.
Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory
when processing certain SMB1 requests. A remote attacker could possibly use
this issue to execute arbitrary code. (CVE-2017-14746)
Volker Lendecke discovered that Samba incorrectly cleared memory when
returning data to a client. A remote attacker could possibly use this issue
to obtain sensitive information. (CVE-2017-15275)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
samba: Server heap-memory disclosure
vendor_redhat·2017-11-21·CVSS 7.5
CVE-2017-15275 [HIGH] samba: Server heap-memory disclosure
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server.
Package: samba (Red Hat Enterprise Linux 5) - Will not fix
Package: samba (Red Hat Enterprise Linux 6) - Will not fix
Ubuntu
Samba vulnerability
vendor_ubuntu·2017-11-21·CVSS 7.5
CVE-2017-15275 [HIGH] Samba vulnerability
Title: Samba vulnerability
Summary: Samba could be made to expose sensitive information over the
network.
USN-3486-1 fixed a vulnerability in Samba. This update provides the
corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Volker Lendecke discovered that Samba incorrectly cleared memory when
returning data to a client. A remote attacker could possibly use this issue
to obtain sensitive information. (CVE-2017-15275)
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
vendor_msrc·2017-11-14·CVSS 7.5
CVE-2017-15275 [HIGH] CWE-119 Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Debian
CVE-2017-15275: samba - Samba before 4.7.3 might allow remote attackers to obtain sensitive information ...
vendor_debian·2017·CVSS 7.5
CVE-2017-15275 [HIGH] CVE-2017-15275: samba - Samba before 4.7.3 might allow remote attackers to obtain sensitive information ...
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
Scope: local
bookworm: resolved (fixed in 2:4.7.1+dfsg-2)
bullseye: resolved (fixed in 2:4.7.1+dfsg-2)
forky: resolved (fixed in 2:4.7.1+dfsg-2)
sid: resolved (fixed in 2:4.7.1+dfsg-2)
trixie: resolved (fixed in 2:4.7.1+dfsg-2)
GHSA
GHSA-3rgf-xqhg-x97j: Samba before 4
ghsa_unreviewed·2022-05-14
CVE-2017-15275 [HIGH] CWE-119 GHSA-3rgf-xqhg-x97j: Samba before 4
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
OSV
CVE-2017-15275: Samba before 4
osv·2017-11-27·CVSS 7.5
CVE-2017-15275 [HIGH] CVE-2017-15275: Samba before 4
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
OSV
samba vulnerabilities
osv·2017-11-21·CVSS 9.8
CVE-2017-14746 [CRITICAL] samba vulnerabilities
Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory
when processing certain SMB1 requests. A remote attacker could possibly use
this issue to execute arbitrary code. (CVE-2017-14746)
Volker Lendecke discovered that Samba incorrectly cleared memory when
returning data to a client. A remote attacker could possibly use this issue
to obtain sensitive information. (CVE-2017-15275)
No detection rules found.
No public exploits indexed.
Crowdstrike
Trying to Dance the Samba: An Exercise in Weaponizing Vulnerabilities
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] Trying to Dance the Samba: An Exercise in Weaponizing Vulnerabilities
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext·2022-12-29
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
Bugzilla
CVE-2017-14746 CVE-2017-15275 samba: various flaws [fedora-all]
bugzilla·2017-11-21·CVSS 9.8
CVE-2017-14746 [CRITICAL] CVE-2017-14746 CVE-2017-15275 samba: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. Wh
Bugzilla
CVE-2017-15275 samba: Server heap-memory disclosure
bugzilla·2017-11-13·CVSS 7.5
CVE-2017-15275 [HIGH] CVE-2017-15275 samba: Server heap-memory disclosure
As per upstream samba advisory:
All versions of Samba from 3.6.0 onwards are vulnerable to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared.
There is no known vulnerability associated with this error, but uncleared heap memory may contain previously used data that may help an attacker compromise the server via other methods. Uncleared heap memory may potentially contain password hashes or other high-value data.
Discussion:
Acknowledgements:
Name: the Samba project
Upstream: Volker Lendecke (SerNet and the Samba Team)
---
External References:
https://www.samba.org/samba/security/CVE-2017-15275.html
---
Created samba tracking bugs for this issue:
Affects: fedo
References
http://www.securityfocus.com/bid/101908
http://www.securitytracker.com/id/1039855
http://www.ubuntu.com/usn/USN-3486-1
http://www.ubuntu.com/usn/USN-3486-2
https://access.redhat.com/errata/RHSA-2017:3260
https://access.redhat.com/errata/RHSA-2017:3261
https://access.redhat.com/errata/RHSA-2017:3278
https://lists.debian.org/debian-lts-announce/2017/11/msg00029.html
https://security.gentoo.org/glsa/201805-07
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
https://www.debian.org/security/2017/dsa-4043
https://www.samba.org/samba/security/CVE-2017-15275.html
https://www.synology.com/support/security/Synology_SA_17_72_Samba
Published: 2017-11-27