CVE-2022-32745

A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://security.gentoo.org/glsa/202309-06
https://www.samba.org/samba/security/CVE-2022-32745.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::

History

17 Sep 2023, 09:15

Type	Values Removed	Values Added
References		(GENTOO) https://security.gentoo.org/glsa/202309-06 -

29 Aug 2022, 18:11

Type	Values Removed	Values Added
First Time		Samba Samba samba
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
CWE		CWE-125 CWE-908
CPE		cpe:2.3:a:samba:samba::::::::
References	~~(MISC) https://www.samba.org/samba/security/CVE-2022-32745.html -~~	(MISC) https://www.samba.org/samba/security/CVE-2022-32745.html - Patch, Vendor Advisory

25 Aug 2022, 18:46

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-25 18:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-32745

Mitre link : CVE-2022-32745

CVE.ORG link : CVE-2022-32745

JSON object : View

Products Affected

samba

samba

CWE

CWE-125

Out-of-bounds Read

CWE-908

Use of Uninitialized Resource

{"id": "CVE-2022-32745", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2022-08-25T18:15:10.563", "references": [{"url": "https://security.gentoo.org/glsa/202309-06", "source": "secalert@redhat.com"}, {"url": "https://www.samba.org/samba/security/CVE-2022-32745.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-908"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault."}, {"lang": "es", "value": "Se ha encontrado un fallo en Samba. Los usuarios de AD de Samba pueden hacer que el servidor acceda a datos no inicializados con una solicitud de adici\u00f3n o modificaci\u00f3n de LDAP, resultando usualmente en un fallo de segmentaci\u00f3n."}], "lastModified": "2023-11-07T03:48:10.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A97D622-0235-4890-A2AF-10C3E6010D32", "versionEndExcluding": "4.14.14", "versionStartIncluding": "4.13.14"}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E947A97-F159-4257-8197-13E8588C78A4", "versionEndExcluding": "4.15.9", "versionStartIncluding": "4.15.2"}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8479455F-FFCD-46F1-B0E3-EBC082F89C16", "versionEndExcluding": "4.16.4", "versionStartIncluding": "4.16.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}