A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
References
Configurations
History
22 Apr 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-122 |
08 Oct 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Sep 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Feb 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-122 |
|
References |
|
08 Feb 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jan 2023, 08:01
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2137774 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://www.samba.org/samba/security/CVE-2022-3437.html - Vendor Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2022-3437 - Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* |
|
First Time |
Samba samba
Samba Fedoraproject Fedoraproject fedora |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
12 Jan 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-12 15:15
Updated : 2024-04-22 16:15
NVD link : CVE-2022-3437
Mitre link : CVE-2022-3437
CVE.ORG link : CVE-2022-3437
JSON object : View
Products Affected
fedoraproject
- fedora
samba
- samba
CWE
CWE-122
Heap-based Buffer Overflow