CVE-2022-3437Heap-based Buffer Overflow in Samba

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds WriteCWE-354Improper Validation of Integrity Check Value21 documents9 sources
Severity
6.5MEDIUMNVD
OSV7.5OSV5.9
EPSS
0.7%
top 27.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Heimdal Project HeimdalSambaFedoraproject Fedora
Timeline
PublishedJan 12
Latest updateJun 30

Description

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

Debianheimdal_project/heimdal< 7.7.0+dfsg-2+deb11u2+3
Ubuntuheimdal_project/heimdal< 7.5.0+dfsg-1ubuntu0.3+3
NVDsamba/samba4.0.04.15.11+2
Debiansamba/samba< 2:4.13.13+dfsg-1~deb11u6+3
Ubuntusamba/samba< 2:4.15.13+dfsg-0ubuntu0.20.04.1+8

Also affects: Fedora 36, 37

🔴Vulnerability Details

8
OSV
samba regression2025-06-30
OSV
samba vulnerabilities2025-06-19
OSV
samba vulnerabilities2023-03-08
OSV
samba regression2023-01-26
OSV
samba vulnerabilities2023-01-24

📋Vendor Advisories

12
Ubuntu
Samba regression2025-06-30
Ubuntu
Samba vulnerabilities2025-06-19
Microsoft
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to t2023-03-14
Ubuntu
Samba vulnerabilities2023-03-08
Red Hat
samba: fix introduced a logic inversion2023-02-08
CVE-2022-3437 — Heap-based Buffer Overflow in Samba | cvebase