Software Detail
Samba
Number Of NVD: 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL: https://www.samba.org/
Explanation: Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License, the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function both as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
91 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
92 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
93 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
94 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
95 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
96 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
97 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
98 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
99 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
100 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
101 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
102 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
103 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
104 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
105 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
106 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
107 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
108 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
109 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
110 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
111 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
112 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
113 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
114 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
115 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
116 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
117 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
118 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
119 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
120 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
121 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
122 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
Fields per entry: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, version bounds (or higher / or less / more than / less than), Update date, Published date

No: 91
CVSS3: 7.4
CVSS2: 5.8
Level: HIGH
Attack Vector: Network
Title: It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-…
CWE: NVD-CWE-noinfo
CVE: CVE-2017-12150
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.6.0, 4.5.0, 3.0.25
less than: 4.6.8, 4.5.14, 4.4.16
Update date: 2024-11-21 12:08
Published date: 2018-07-27

No: 92
CVSS3: 7.1
CVSS2: 4.8
Level: HIGH
Attack Vector: Adjacent
Title: An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server …
CWE: -
CVE: CVE-2017-12163
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.6.0, 4.5.0
less than: 4.6.8, 4.5.14, 4.4.16
Update date: 2024-11-21 12:08
Published date: 2018-07-27

No: 93
CVSS3: 8.8
CVSS2: 6.5
Level: HIGH
Attack Vector: Network
Title: On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' …
CWE: CWE-863 Incorrect Authorization
CVE: CVE-2018-1057
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.7.0, 4.6.0, 4.0.0
less than: 4.7.6, 4.6.14, 4.5.16
Update date: 2024-11-21 12:59
Published date: 2018-03-14

No: 94
CVSS3: 4.3
CVSS2: 3.3
Level: MEDIUM
Attack Vector: Adjacent
Title: All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on …
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2018-1050
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.7.0, 4.6.0, 3.6.0
less than: 4.7.6, 4.6.14, 4.5.16
Update date: 2024-11-21 12:59
Published date: 2018-03-14

No: 95
CVSS3: 7.5
CVSS2: 6.0
Level: HIGH
Attack Vector: Network
Title: Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
CWE: CWE-362 Race Condition; CWE-59 Link Following
CVE: CVE-2017-2619
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.5.0, 4.6.0
less than: 4.5.7, 4.6.1, 4.4.12
Update date: 2024-11-21 12:23
Published date: 2018-03-13

No: 96
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE: CVE-2017-15275
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.7.0, 4.6.0, 3.6.0
less than: 4.7.3, 4.6.11, 4.5.15
Update date: 2024-11-21 12:14
Published date: 2017-11-28

No: 97
CVSS3: 9.8
CVSS2: 7.5
Level: CRITICAL
Attack Vector: Network
Title: Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
CWE: CWE-416 Use After Free
CVE: CVE-2017-14746
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.7.0, 4.6.0, 4.0.0, 4.5.0
less than: 4.7.3, 4.6.11, 4.5.0, 4.5.15
Update date: 2024-11-21 12:13
Published date: 2017-11-28

No: 98
CVSS3: 8.1
CVSS2: 6.8
Level: HIGH
Attack Vector: Network
Title: Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. …
CWE: CWE-345 Insufficient Verification of Data Authenticity
CVE: CVE-2017-11103
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.0.0, 4.5.0, 4.6.0
less than: 4.4.15, 4.5.12, 4.6.6
Update date: 2024-11-21 12:07
Published date: 2017-07-13

No: 99
CVSS3: 6.5
CVSS2: 6.8
Level: MEDIUM
Attack Vector: Network
Title: smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling sym…
CWE: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CVE: CVE-2017-9461
cpe23Uri: cpe:2.3:a:samba:samba:4.5.5:*, cpe:2.3:a:samba:samba:4.5.4:*, cpe:2.3:a:samba:samba:4.5.3:*, cpe:2.3:a:samba:samb…
Version: 4.4.9
Update date: 2024-11-21 12:36
Published date: 2017-06-7

No: 100
CVSS3: 9.8
CVSS2: 10.0
Level: CRITICAL
Attack Vector: Network
Title: Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and the…
CWE: CWE-94 Code Injection
CVE: CVE-2017-7494
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 3.5.0, 4.4.0, 4.5.0, 4.6.0
less than: 4.4.0, 4.4.14, 4.5.10, 4.6.4
Update date: 2026-04-22 04:36
Published date: 2017-05-31