CVE-2022-32742Sensitive Information Exposure in Samba

CWE-200Sensitive Information Exposure8 documents7 sources
Severity
4.3MEDIUMNVD
OSV6.5
EPSS
0.6%
top 31.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
SambaDebian SambaMsrc Azl3 Samba 4.18.3-1 ON Azure Linux 3.0+2 more
Timeline
PublishedAug 25
Latest updateAug 26

Description

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages8 packages

NVDsamba/samba4.15.04.15.9+2
debiandebian/samba< samba 2:4.16.4+dfsg-1 (bookworm)
Debiansamba/samba< 2:4.13.13+dfsg-1~deb11u5+3
Ubuntusamba/samba< 2:4.13.17~dfsg-0ubuntu1.20.04.1+1
CVEListV5samba/sambaVersions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14

🔴Vulnerability Details

3
GHSA
GHSA-j7gp-2jqv-76gj: A flaw was found in Samba2022-08-26
OSV
CVE-2022-32742: A flaw was found in Samba2022-08-25
OSV
samba vulnerabilities2022-08-01

📋Vendor Advisories

4
Microsoft
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write allowing server memory contents to be written into t2022-08-09
Ubuntu
Samba vulnerabilities2022-08-01
Red Hat
samba: server memory information leak via SMB12022-07-27
Debian
CVE-2022-32742: samba - A flaw was found in Samba. Some SMB1 write requests were not correctly range-che...2022