CVE-2019-19344 — Use After Free in Samba

CWE-416 — Use After Free10 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

2.3%

top 15.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba RED HAT Samba Canonical Ubuntu Linux +3 more

Timeline

PublishedJan 21

Latest updateMay 24

Description

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶NVDsamba/samba4.9.0 — 4.9.18+2

▶Debiansamba/samba< 2:4.11.5+dfsg-1+3

▶CVEListV5red_hat/sambaall samba 4.10.x versions before 4.10.12, all samba 4.11.x versions before 4.11.5, all samba 4.9.x versions before 4.9.18+2

▶NVDopensuse/leap15.1

▶NVDsynology/router_manager1.2

Also affects: Ubuntu Linux 16.04, 18.04, 19.04, 19.10

🔴Vulnerability Details

GHSA

GHSA-932g-58jj-wp5q: There is a use-after-free issue in all samba 4↗2022-05-24

▶

CVEList

CVE-2019-19344: There is a use-after-free issue in all samba 4↗2020-01-21

▶

OSV

CVE-2019-19344: There is a use-after-free issue in all samba 4↗2020-01-21

▶

OSV

samba vulnerabilities↗2020-01-21

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2020-01-21

▶

Red Hat

samba: Use after free during DNS zone scavenging in Samba AD DC↗2020-01-21

▶

Debian

CVE-2019-19344: samba - There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all s...↗2019

▶

💬Community

Bugzilla

CVE-2019-19344 samba: Use after free during DNS zone scavenging in Samba AD DC [fedora-all]↗2020-01-21

▶

Bugzilla

CVE-2019-19344 samba: Use after free during DNS zone scavenging in Samba AD DC↗2020-01-15

▶