CVE-2022-2127: Out-of-bounds Read in Samba

CWE-125: Out-of-bounds Read | 8 documents | 7 sources

Severity: 5.9 MEDIUM (NVD)
EPSS: 1.2% (top 20.67%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 20

Description

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client sends replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the LAN Manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (3 packages)

NVD: samba/samba 4.16.0 4.16.10 +2
Debian: samba/samba < 2:4.13.13+dfsg-1~deb11u6 +3
Ubuntu: samba/samba < 2:4.15.13+dfsg-0ubuntu0.20.04.3 +1

Also affects: Debian Linux 12.0, Fedora 37, 38, Enterprise Linux 6.0, 7.0, 8.0, 9.0

Vulnerability Details (4)

CVEList: Samba: out-of-bounds read in winbind auth_crap (2023-07-20)
OSV: CVE-2022-2127: An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap (2023-07-20)
GHSA: GHSA-mfwc-hx97-869v: An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap (2023-07-20)
OSV: samba vulnerabilities (2023-07-19)

Vendor Advisories (3)

Ubuntu: Samba vulnerabilities (2023-07-19)
Red Hat: samba: out-of-bounds read in winbind AUTH_CRAP (2023-07-19)
Debian: CVE-2022-2127: samba - An out-of-bounds read vulnerability was found in Samba due to insufficient lengt... (2022)
CVE-2022-2127 — Out-of-bounds Read in Samba | cvebase