CVE-2018-10858Improper Input Validation in Samba

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents8 sources
Severity
8.8HIGHNVD
CNA4.3
EPSS
5.9%
top 9.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
SambaTHE Samba Team SambaCanonical Ubuntu Linux+6 more
Timeline
PublishedAug 22
Latest updateMay 14

Description

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

NVDsamba/samba4.7.04.7.9+2
Debiansamba/samba< 2:4.8.4+dfsg-1+3
Ubuntusamba/samba< 2:4.3.11+dfsg-0ubuntu0.14.04.16+2
CVEListV5the_samba_team/samba4.6.16, 4.7.9, 4.8.4+2

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04, 18.04

🔴Vulnerability Details

4
GHSA
GHSA-76v4-f6wg-3fqw: A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing2022-05-14
CVEList
CVE-2018-10858: A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing2018-08-22
OSV
CVE-2018-10858: A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing2018-08-22
OSV
samba vulnerabilities2018-08-14

📋Vendor Advisories

3
Red Hat
samba: Insufficient input validation in libsmbclient2018-08-16
Ubuntu
Samba vulnerabilities2018-08-14
Debian
CVE-2018-10858: samba - A heap-buffer overflow was found in the way samba clients processed extra long f...2018

💬Community

2
Bugzilla
CVE-2018-10858 samba: insufficient input validation in libsmbclient [fedora-all]2018-08-17
Bugzilla
CVE-2018-10858 samba: Insufficient input validation in libsmbclient2018-08-06
CVE-2018-10858 — Improper Input Validation in Samba | cvebase