CVE-2022-29869Log File Information Exposure in Samba Cifs-utils

CWE-532Log File Information ExposureCWE-668Resource ExposureCWE-20Improper Input Validation9 documents8 sources
Severity
5.3MEDIUMNVD
EPSS
0.9%
top 25.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Samba Cifs-utilsDebian LinuxFedoraproject Fedora
Timeline
PublishedApr 28
Latest updateAug 7

Description

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDsamba/cifs-utils< 6.15
Debiansamba/cifs-utils< 2:6.11-3.1+deb11u1+3

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35, 36

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-pwjc-pm2q-cpg2: cifs-utils through 62022-04-29
CVEList
CVE-2022-29869: cifs-utils through 62022-04-28
OSV
CVE-2022-29869: cifs-utils through 62022-04-28

📋Vendor Advisories

5
Ubuntu
cifs-utils vulnerabilities2025-08-07
Ubuntu
cifs-utils vulnerabilities2022-06-02
Red Hat
cifs-utils: crafted input may cause an information leak2022-04-28
Microsoft
cifs-utils through 6.14 with verbose logging can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.2022-04-12
Debian
CVE-2022-29869: cifs-utils - cifs-utils through 6.14, with verbose logging, can cause an information leak whe...2022
CVE-2022-29869 — Log File Information Exposure in Samba | cvebase