Software Detail
Samba: Number Of NVD 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL https://www.samba.org/
Explanation Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License; the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function both as a domain controller and as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
141 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
142 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
143 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
144 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
145 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
146 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
147 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
148 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
149 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
150 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
151 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
152 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
153 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
154 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
155 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
156 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
157 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
158 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
159 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
160 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
161 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
162 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
163 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
164 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
165 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
166 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
167 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
168 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
169 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
170 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
171 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
172 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
141 -
7.9
HIGH Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to ca… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2012-0870 cpe:2.3:a:samba:samba:3.0.0:* 2024-11-21 10:35
2012-02-23
142 -
5.0
MEDIUM Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests. CWE-200
Information Exposure
CVE-2012-0817 cpe:2.3:a:samba:samba:3.6.2:*
cpe:2.3:a:samba:samba:3.6.1:*
cpe:2.3:a:samba:samba:3.6.0:*
2024-11-21 10:35
2012-01-31
143 -
1.2
LOW The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid ch… CWE-20
 Improper Input Validation 
CVE-2011-2724 cpe:2.3:a:samba:samba:3.5.9:*
cpe:2.3:a:samba:samba:3.5.8:*
cpe:2.3:a:samba:samba:3.5.7:*
cpe:2.3:a:samba:samb…
3.5.10 2024-11-21 10:28
2011-09-7
144 -
2.6
LOW Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to … CWE-79
Cross-site Scripting
CVE-2011-2694 cpe:2.3:a:samba:samba:*:* 3.0.0
3.4.0
3.5.0




3.3.16
3.4.14
3.5.10
2024-11-21 10:28
2011-07-30
145 -
6.8
MEDIUM Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators… CWE-352
 Origin Validation Error
CVE-2011-2522 cpe:2.3:a:samba:samba:*:* 3.0.0
3.4.0
3.5.0




3.3.16
3.4.14
3.5.10
2024-11-21 10:28
2011-07-30
146 -
3.3
LOW smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits … CWE-20
 Improper Input Validation 
CVE-2011-1678 cpe:2.3:a:samba:samba:*:* 3.5.8 2024-11-21 10:26
2011-04-10
147 -
5.0
MEDIUM Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2011-0719 cpe:2.3:a:samba:samba:3.5.6:*
cpe:2.3:a:samba:samba:3.5.5:*
cpe:2.3:a:samba:samba:3.5.4:*
cpe:2.3:a:samba:samb…
2024-11-21 10:24
2011-03-2
148 -
7.5
HIGH Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2010-3069 cpe:2.3:a:samba:samba:*:* 3.0.0
3.4.0
3.5.0
3.3.14




3.4.9
3.5.5
2024-11-21 10:17
2010-09-16
149 -
7.5
HIGH Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory c… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2010-2063 cpe:2.3:a:samba:samba:*:* 3.0.0 3.3.12 2024-11-21 10:15
2010-06-18
150 -
5.0
MEDIUM The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2010-1642 cpe:2.3:a:samba:samba:3.5:*
cpe:2.3:a:samba:samba:3.5.1:*
cpe:2.3:a:samba:samba:3.5.0:*
cpe:2.3:a:samba:samba:…
3.4.7 2024-11-21 10:14
2010-06-18