CVE-2022-2127

Опубликовано: 19 июл. 2023

Источник: redhat

CVSS3: 5.9

EPSS Низкий

Описание

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	samba	Out of support scope
Red Hat Enterprise Linux 6	samba4	Out of support scope
Red Hat Enterprise Linux 7	samba	Out of support scope
Red Hat Storage 3	samba	Affected
Red Hat Enterprise Linux 8	samba	Fixed	RHSA-2023:7139	14.11.2023
Red Hat Enterprise Linux 8	samba	Fixed	RHSA-2023:7139	14.11.2023
Red Hat Enterprise Linux 8.6 Extended Update Support	samba	Fixed	RHSA-2024:0423	25.01.2024
Red Hat Enterprise Linux 8.8 Extended Update Support	samba	Fixed	RHSA-2024:0580	30.01.2024
Red Hat Enterprise Linux 9	samba	Fixed	RHSA-2023:6667	07.11.2023
Red Hat Enterprise Linux 9	samba	Fixed	RHSA-2023:6667	07.11.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2222791samba: out-of-bounds read in winbind AUTH_CRAP

EPSS

Процентиль: 78%

0.0115

Низкий

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2022-2127

CVSS3: 5.9

ubuntu

около 2 лет назад

CVE-2022-2127

CVSS3: 5.9

nvd

около 2 лет назад

CVE-2022-2127

CVSS3: 5.9

debian

около 2 лет назад

An out-of-bounds read vulnerability was found in Samba due to insuffic ...

SUSE-SU-2023:3358-1

suse-cvrf

около 2 лет назад

Security update for samba

SUSE-SU-2023:3017-1

suse-cvrf

около 2 лет назад

Security update for samba

EPSS

Процентиль: 78%

0.0115

Низкий

5.9 Medium

CVSS3