CVE-2023-5568 — Heap-based Buffer Overflow in Samba

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

6.7%

top 8.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedOct 25

Latest updateMay 21

Description

A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDsamba/samba< 4.19.2

▶debiandebian/samba< samba 2:4.19.2+dfsg-1 (forky)

▶Debiansamba/samba< 2:4.19.2+dfsg-1+1

🔴Vulnerability Details

GHSA

GHSA-x3c8-vcr7-5m4v: A heap-based Buffer Overflow flaw was discovered in Samba↗2023-10-25

▶

OSV

CVE-2023-5568: A heap-based Buffer Overflow flaw was discovered in Samba↗2023-10-25

▶

📋Vendor Advisories

Red Hat

kernel: perf/core: Bail out early if the request AUX area is out of bound↗2024-05-21

▶

Red Hat

samba: heap buffer overflow with freshness tokens in the Heimdal KDC↗2023-10-09

▶

Debian

CVE-2023-5568: samba - A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remo...↗2023

▶