CVE-2019-3824: Out-of-bounds Read in Samba

CWE-125: Out-of-bounds Read | 8 documents | 7 sources
Severity
6.5 MEDIUM (NVD)
EPSS
11.8%
top 6.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 6
Latest update: May 13

Description

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

NVD: samba/samba < 4.10.0
debian: debian/samba < ldb 2:1.5.1+really1.4.3-2 (bullseye)
Debian: samba/samba < 2:4.9.5+dfsg-1+3
debian: debian/ldb < ldb 2:1.5.1+really1.4.3-2 (bullseye)

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴 Vulnerability Details (2)

GHSA: GHSA-6r53-4gh8-g2xq: A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4 (2022-05-13)
OSV: CVE-2019-3824: A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4 (2019-03-06)

📋 Vendor Advisories (3)

Ubuntu: LDB vulnerability (2019-02-26)
Red Hat: samba: Out of bound read in ldb_wildcard_compare in Samba AD DC (2019-02-25)
Debian: CVE-2019-3824: ldb - A flaw was found in the way an LDAP search expression could crash the shared LDA... (2019)

💬 Community (2)

Bugzilla: CVE-2019-3824 samba: Out of bound read in ldb_wildcard_compare in Samba AD DC [fedora-all] (2019-02-28)
Bugzilla: CVE-2019-3824 samba: Out of bound read in ldb_wildcard_compare in Samba AD DC (2019-02-01)