Description
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
| Release | Status | Note |
|---|---|---|
| bionic | released | 7.5.0+dfsg-1ubuntu0.3 |
| devel | not-affected | 7.8.git20221117.28daf24+dfsg-1ubuntu1 |
| esm-apps/jammy | needed | |
| esm-apps/noble | not-affected | 7.8.git20221117.28daf24+dfsg-1ubuntu1 |
| esm-infra-legacy/trusty | released | 1.6~git20131207+dfsg-1ubuntu1.2+esm3 |
| esm-infra/bionic | released | 7.5.0+dfsg-1ubuntu0.3 |
| esm-infra/focal | released | 7.7.0+dfsg-1ubuntu1.3 |
| esm-infra/xenial | released | 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3 |
| focal | released | 7.7.0+dfsg-1ubuntu1.3 |
| jammy | needed | |
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | released | 2:4.17.3+dfsg-3ubuntu1 |
| esm-infra-legacy/trusty | released | 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm13 |
| esm-infra/bionic | released | 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+esm1 |
| esm-infra/focal | released | 2:4.15.13+dfsg-0ubuntu0.20.04.1 |
| esm-infra/xenial | released | 2:4.3.11+dfsg-0ubuntu0.16.04.34+esm2 |
| focal | released | 2:4.15.13+dfsg-0ubuntu0.20.04.1 |
| jammy | released | 2:4.15.13+dfsg-0ubuntu1 |
| kinetic | released | 2:4.16.8+dfsg-0ubuntu1 |
| lunar | released | 2:4.17.3+dfsg-3ubuntu1 |
References
EPSS
6.5 Medium
CVSS3
Related vulnerabilities
Vulnerability in the unwrap_des() and unwrap_des3() functions of the GSSAPI library of the Heimdal package in the Samba networking software