The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
13 Feb 2023, 00:39
Type | Values Removed | Values Added |
---|---|---|
Summary | The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference. | |
References |
|
02 Feb 2023, 20:17
Type | Values Removed | Values Added |
---|---|---|
Summary | It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash. | |
References |
|
Information
Published : 2014-06-23 14:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-3493
Mitre link : CVE-2014-3493
CVE.ORG link : CVE-2014-3493
JSON object : View
Products Affected
samba
- samba
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer