CVE-2019-19344
Published 2020-01-21
Priority P3 · 35 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
3.07%
86.0th percentile
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | samba | < samba 2:4.11.5+dfsg-1 (bookworm) | samba 2:4.11.5+dfsg-1 (bookworm) |
| opensuse | leap | — | — |
| red_hat | samba | — | — |
| red_hat | samba | — | — |
| red_hat | samba | — | — |
| samba | samba | >= 0 < 2:4.11.5+dfsg-1 | 2:4.11.5+dfsg-1 |
| samba | samba | >= 0 < 2:4.11.5+dfsg-1 | 2:4.11.5+dfsg-1 |
| samba | samba | >= 0 < 2:4.11.5+dfsg-1 | 2:4.11.5+dfsg-1 |
| samba | samba | >= 0 < 2:4.11.5+dfsg-1 | 2:4.11.5+dfsg-1 |
| samba | samba | >= 0 < 2:4.3.11+dfsg-0ubuntu0.16.04.25 | 2:4.3.11+dfsg-0ubuntu0.16.04.25 |
| samba | samba | >= 0 < 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 | 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 |
| samba | samba | >= 4.10.0 < 4.10.12 | 4.10.12 |
| samba | samba | >= 4.11.0 < 4.11.5 | 4.11.5 |
| samba | samba | >= 4.9.0 < 4.9.18 | 4.9.18 |
| synology | diskstation_manager | — | — |
| synology | router_manager | — | — |
CVSS provenance
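| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |
| vendor_ubuntu | — | 5.4 | MEDIUM | — |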
GHSA
GHSA-932g-58jj-wp5q: There is a use-after-free issue in all samba 4
ghsa_unreviewed·2022-05-24
CVE-2019-19344 [MEDIUM] CWE-416
OSV
CVE-2019-19344: There is a use-after-free issue in all samba 4
osv·2020-01-21·CVSS 6.5
CVE-2019-19344 [MEDIUM]
OSV
samba vulnerabilities
osv·2020-01-21·CVSS 5.4
CVE-2019-14902 [MEDIUM]
It was discovered that Samba did not automatically replicate ACLs set to
inherit down a subtree on AD Directory, contrary to expectations. This
issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu
19.10. (CVE-2019-14902)
Robert Święcki discovered that Samba incorrectly handled certain character
conversions when the log level is set to 3 or above. In certain
environments, a remote attacker could possibly use this issue to cause
Samba to crash, resulting in a denial of service. (CVE-2019-14907)
Christian Naumer discovered that Samba incorrectly handled DNS zone
scavenging. This issue could possibly result in some incorrect data being
written to the DB. This issue only applied to Ubuntu 19.04 and Ubuntu
19.10. (CVE-2019-19344)
Ubuntu
Samba vulnerabilities
vendor_ubuntu·2020-01-21·CVSS 5.4
CVE-2019-14902 [MEDIUM]
Summary: Several security issues were fixed in Samba.
Red Hat
samba: Use after free during DNS zone scavenging in Samba AD DC
vendor_redhat·2020-01-21·CVSS 6.5
CVE-2019-19344 [MEDIUM] CWE-416
A flaw was found in samba. An off-by-default feature to tombstone dynamically created DNS records once they have reached their expiry time contains a use-after-free flaw that allows read memory to be saved back into the database. The highest threat from this vulnerability is to system availability.
Statement: This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux because there is no support for samba as Active Directory Domain Controll
Debian
CVE-2019-19344: samba - There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all s...
vendor_debian·2019·CVSS 6.5
CVE-2019-19344 [MEDIUM]
Scope: local
bookworm: resolved (fixed in 2:4.11.5+dfsg-1)
bullseye: resolved (fixed in 2:4.11.5+dfsg-1)
forky: resolved (fixed in 2:4.11.5+dfsg-1)
sid: resolved (fixed in 2:4.11.5+dfsg-1)
trixie: resolved (fixed in 2:4.11.5+dfsg-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-19344 samba: Use after free during DNS zone scavenging in Samba AD DC [fedora-all]
bugzilla·2020-01-21·CVSS 6.5
CVE-2019-19344 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supp
Bugzilla
CVE-2019-19344 samba: Use after free during DNS zone scavenging in Samba AD DC
bugzilla·2020-01-15·CVSS 6.5
CVE-2019-19344 [MEDIUM]
As per upstream advisory:
Samba 4.9 introduced an off-by-default feature to tombstone dynamically created DNS records that had reached their expiry time.
This feature is controlled by the smb.conf option:
`dns zone scavenging = yes`
There is a use-after-free issue in this code, essentially due to a call to realloc() while other local variables still point at the original buffer.
The use is a read, but in quite unlikely conditions (due to NDR validation unpacking the buffer) that read memory might be saved back into the DB.
Discussion:
Acknowledgments:
Name: the Samba project
Upstream: Christian Naumer
---
Statement:
This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux be
Checkpoint
27th January – Threat Intelligence Bulletin
blogs_checkpoint·2020-01-27
CVE-2019-18187
## 27th January – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 20th January 2020, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
UN calls for an investigation into Saudi Arabia’s role in Amazon CEO Jeff Bezos’s phone hack. The alleged attack was carried out via WhatsApp. Bezos was sent a video in 2018 by Saudi Arabia’s crown prince, Mohammed bin Salman, and apparently was infected at that time. Speculations point to NSO as the possible provider of t
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19344
https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/
https://security.gentoo.org/glsa/202003-52
https://security.netapp.com/advisory/ntap-20200122-0001/
https://usn.ubuntu.com/4244-1/
https://www.samba.org/samba/security/CVE-2019-19344.html
https://www.synology.com/security/advisory/Synology_SA_20_01
2020-01-21
Published