Software Detail
Samba
Number of NVD entries: 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL: https://www.samba.org/
Explanation: Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License; the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function either as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
1 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
2 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
3 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
4 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
5 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
6 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
7 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
8 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
9 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
10 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
11 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
12 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
13 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
14 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
15 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
16 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
17 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
18 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
19 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
20 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
21 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
22 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
23 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
24 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
25 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
26 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
27 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
28 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
29 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
30 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
31 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
32 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
1 CVE-2023-4154
CVSS3: 6.5 | CVSS2: - | Level: MEDIUM | Attack Vector: Network
Title: A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allo…
CWE: CWE-787 Out-of-bounds Write
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.19.0, 4.18.0, 4.0.0
less than: 4.19.1, 4.18.8, 4.17.12
Update date: 2024-11-21 17:34
Published date: 2023-11-8

2 CVE-2023-42669
CVSS3: 6.5 | CVSS2: - | Level: MEDIUM | Attack Vector: Network
Title: A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be bloc…
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.19.0, 4.18.0, 4.0.0
less than: 4.19.1, 4.18.8, 4.17.12
Update date: 2024-11-21 17:22
Published date: 2023-11-6

3 CVE-2023-3961
CVSS3: 9.8 | CVSS2: - | Level: CRITICAL | Attack Vector: Network
Title: A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect S…
CWE: CWE-22 Path Traversal
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.19.0, 4.18.0
less than: 4.19.1, 4.18.8, 4.17.12
Update date: 2024-11-21 17:18
Published date: 2023-11-3

4 CVE-2023-4091
CVSS3: 6.5 | CVSS2: - | Level: MEDIUM | Attack Vector: Network
Title: A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignor…
CWE: CWE-276 Incorrect Default Permissions
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.19.0, 4.18.0
less than: 4.19.1, 4.18.8, 4.17.12
Update date: 2024-11-21 17:34
Published date: 2023-11-3

5 CVE-2023-42670
CVSS3: 6.5 | CVSS2: - | Level: MEDIUM | Attack Vector: Network
Title: A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experienc…
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.19.0, 4.18.0
less than: 4.19.1, 4.18.8, 4.17.12
Update date: 2024-11-21 17:22
Published date: 2023-11-3

6 CVE-2023-5568
CVSS3: 6.5 | CVSS2: - | Level: MEDIUM | Attack Vector: Network
Title: A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
CWE: CWE-787 Out-of-bounds Write
cpe23Uri: cpe:2.3:a:samba:samba:*:* 4.19.2
Update date: 2024-11-21 17:42
Published date: 2023-10-26

7 CVE-2023-3347
CVSS3: 5.9 | CVSS2: - | Level: MEDIUM | Attack Vector: Network
Title: A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Contro…
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.18.0, 4.17.0
less than: 4.18.5, 4.17.10
Update date: 2024-11-21 17:17
Published date: 2023-07-21

8 CVE-2023-34968
CVSS3: 5.3 | CVSS2: - | Level: MEDIUM | Attack Vector: Network
Title: A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search querie…
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.18.0, 4.17.0
less than: 4.18.5, 4.17.10, 4.16.11
Update date: 2024-11-21 17:07
Published date: 2023-07-21

9 CVE-2022-2127
CVSS3: 5.9 | CVSS2: - | Level: MEDIUM | Attack Vector: Network
Title: An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challeng…
CWE: CWE-125 Out-of-bounds Read
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.16.0, 4.17.0, 4.18.0
less than: 4.16.10, 4.17.9, 4.18.4
Update date: 2024-11-21 16:00
Published date: 2023-07-21

10 CVE-2023-34967
CVSS3: 5.3 | CVSS2: - | Level: MEDIUM | Attack Vector: Network
Title: A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the k…
CWE: CWE-843 Type Confusion
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.18.0, 4.17.0
less than: 4.18.5, 4.17.10, 4.16.11
Update date: 2024-11-21 17:07
Published date: 2023-07-21