Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-3437

Опубликовано: 12 янв. 2023
Источник: debian
EPSS Низкий

Описание

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
sambafixed2:4.16.6+dfsg-1package
heimdalfixed7.8.git20221115.a6cf945+dfsg-1package

Примечания

  • https://www.samba.org/samba/security/CVE-2022-3437.html

  • https://bugzilla.samba.org/show_bug.cgi?id=15134

  • https://github.com/heimdal/heimdal/security/advisories/GHSA-45j3-5v39-rf9j

  • https://github.com/heimdal/heimdal/commit/f6edaafcfefd843ca1b1a041f942a853d85ee7c3 (heimdal-7.7.1)

  • https://github.com/heimdal/heimdal/commit/c9cc34334bd64b08fe91a2f720262462e9f6bb49 (heimdal-7.7.1)

  • https://github.com/heimdal/heimdal/commit/a587a4bcb28d5b9047f332573b1e7c8f89ca3edd (heimdal-7.7.1)

  • https://github.com/heimdal/heimdal/commit/c758910eaad3c0de2cfb68830a661c4739675a7d (heimdal-7.7.1)

  • https://github.com/heimdal/heimdal/commit/414b2a77fd61c26d64562e3800dc5578d9d0f15d (heimdal-7.7.1)

  • https://github.com/heimdal/heimdal/commit/be9bbd93ed8f204b4bc1b92d1bc3c16aac194696 (heimdal-7.7.1)

  • https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2 (heimdal-7.7.1)

  • https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef (heimdal-7.7.1)

  • In scope for continued Samba support

  • possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243

  • and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867

EPSS

Процентиль: 65%
0.00501
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-3437

CVSS3: 6.5
ubuntu
больше 2 лет назад

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

redhat логотип

CVE-2022-3437

CVSS3: 5.9
redhat
больше 2 лет назад

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

nvd логотип

CVE-2022-3437

CVSS3: 6.5
nvd
больше 2 лет назад

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

msrc логотип

CVE-2022-3437

CVSS3: 6.5
msrc
8 месяцев назад

Описание отсутствует

fstec логотип

BDU:2022-06493

CVSS3: 5.9
fstec
больше 2 лет назад

Уязвимость функций unwrap_des() и unwrap_des3() библиотеки GSSAPI пакета Heimdal программы сетевого взаимодействия Samba

EPSS

Процентиль: 65%
0.00501
Низкий