NVD Vulnerability Detail
Search Exploit, PoC
CVE-2022-3437
Summary

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

Publication Date Jan. 13, 2023, 12:15 a.m.
Registration Date Jan. 13, 2023, 10 a.m.
Last Update Nov. 21, 2024, 4:19 p.m.
CVSS3.1 : MEDIUM
スコア 6.5
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV) ネットワーク
攻撃条件の複雑さ(AC)
攻撃に必要な特権レベル(PR)
利用者の関与(UI) 不要
影響の想定範囲(S) 変更なし
機密性への影響(C) なし
完全性への影響(I) なし
可用性への影響(A)
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* 4.17.0 4.17.2
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* 4.16.0 4.16.6
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* 4.0.0 4.15.11
Configuration2 or higher or less more than less than
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List