Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-3437

Опубликовано: 12 янв. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.5

Описание

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

РелизСтатусПримечание
bionic

released

7.5.0+dfsg-1ubuntu0.3
devel

not-affected

7.8.git20221117.28daf24+dfsg-1ubuntu1
esm-apps/jammy

needed

esm-apps/noble

not-affected

7.8.git20221117.28daf24+dfsg-1ubuntu1
esm-infra-legacy/trusty

not-affected

1.6~git20131207+dfsg-1ubuntu1.2+esm3
esm-infra/bionic

not-affected

7.5.0+dfsg-1ubuntu0.3
esm-infra/focal

not-affected

7.7.0+dfsg-1ubuntu1.3
esm-infra/xenial

released

1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3
focal

released

7.7.0+dfsg-1ubuntu1.3
jammy

needed

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

released

2:4.17.3+dfsg-3ubuntu1
esm-infra-legacy/trusty

needs-triage

esm-infra/bionic

needed

esm-infra/focal

not-affected

2:4.15.13+dfsg-0ubuntu0.20.04.1
esm-infra/xenial

needs-triage

focal

released

2:4.15.13+dfsg-0ubuntu0.20.04.1
jammy

released

2:4.15.13+dfsg-0ubuntu1
kinetic

released

2:4.16.8+dfsg-0ubuntu1
lunar

released

2:4.17.3+dfsg-3ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 65%
0.00501
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-3437

CVSS3: 5.9
redhat
больше 2 лет назад

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

nvd логотип

CVE-2022-3437

CVSS3: 6.5
nvd
больше 2 лет назад

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

msrc логотип

CVE-2022-3437

CVSS3: 6.5
msrc
8 месяцев назад

Описание отсутствует

debian логотип

CVE-2022-3437

CVSS3: 6.5
debian
больше 2 лет назад

A heap-based buffer overflow vulnerability was found in Samba within t ...

fstec логотип

BDU:2022-06493

CVSS3: 5.9
fstec
больше 2 лет назад

Уязвимость функций unwrap_des() и unwrap_des3() библиотеки GSSAPI пакета Heimdal программы сетевого взаимодействия Samba

EPSS

Процентиль: 65%
0.00501
Низкий

6.5 Medium

CVSS3

Уязвимость CVE-2022-3437