CVE-2018-16851NULL Pointer Dereference in Samba

CWE-476NULL Pointer Dereference10 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
9.2%
top 7.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
SambaDebian SambaCanonical Ubuntu Linux+1 more
Timeline
PublishedNov 28
Latest updateMay 13

Description

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDsamba/samba4.0.04.7.12+2
debiandebian/samba< samba 2:4.9.2+dfsg-2 (bookworm)
Debiansamba/samba< 2:4.9.2+dfsg-2+3
Ubuntusamba/samba< 2:4.3.11+dfsg-0ubuntu0.14.04.19+2

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

Patch: www.samba.orgPatch: www.samba.org

🔴Vulnerability Details

3
GHSA
GHSA-48v5-hp4g-w2rv: Samba from version 42022-05-13
OSV
CVE-2018-16851: Samba from version 42018-11-28
OSV
samba vulnerabilities2018-11-27

📋Vendor Advisories

4
Ubuntu
Samba vulnerabilities2018-11-27
Ubuntu
Samba vulnerabilities2018-11-27
Red Hat
samba: NULL pointer de-reference in Samba AD DC LDAP server2018-11-20
Debian
CVE-2018-16851: samba - Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable ...2018

💬Community

2
Bugzilla
CVE-2018-16851 samba: NULL pointer de-reference in Samba AD DC LDAP server [fedora-all]2018-11-28
Bugzilla
CVE-2018-16851 samba: NULL pointer de-reference in Samba AD DC LDAP server2018-11-05