CVE-2022-32745 — Out-of-bounds Read in Samba

CWE-125 — Out-of-bounds Read CWE-908 — Use of Uninitialized Resource CWE-457 — Use of Uninitialized Variable8 documents7 sources

Severity

8.1HIGHNVD

OSV6.5

EPSS

0.4%

top 37.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Msrc Azl3 Samba 4.18.3-1 ON Azure Linux 3.0 +2 more

Timeline

PublishedAug 25

Latest updateAug 26

Description

A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages8 packages

▶NVDsamba/samba4.13.14 — 4.14.14+2

▶debiandebian/samba< samba 2:4.16.4+dfsg-1 (bookworm)

▶Debiansamba/samba< 2:4.13.13+dfsg-1~deb11u5+3

▶Ubuntusamba/samba< 2:4.13.17~dfsg-0ubuntu1.20.04.1+1

▶CVEListV5samba/sambaVersions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14

Patches

Patch: www.samba.org ↗Patch: www.samba.org ↗

🔴Vulnerability Details

GHSA

GHSA-q9mh-p233-5pvv: A flaw was found in Samba↗2022-08-26

▶

OSV

CVE-2022-32745: A flaw was found in Samba↗2022-08-25

▶

OSV

samba vulnerabilities↗2022-08-01

▶

📋Vendor Advisories

Microsoft

A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request usually resulting in a segmentation fault.↗2022-08-09

▶

Ubuntu

Samba vulnerabilities↗2022-08-01

▶

Red Hat

samba: AD users can crash the server process with an LDAP add or modify request↗2022-07-27

▶

Debian

CVE-2022-32745: samba - A flaw was found in Samba. Samba AD users can cause the server to access uniniti...↗2022

▶