Software Detail
Samba Number Of NVD: 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL https://www.samba.org/
Explanation Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License. The Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component for seamlessly integrating Linux/Unix Servers and Desktops into Active Directory environments. It can function either as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
151 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
152 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
153 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
154 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
155 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
156 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
157 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
158 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
159 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
160 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
161 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
162 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
163 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
164 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
165 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
166 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
167 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
168 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
169 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
170 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
171 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
172 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
173 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
174 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
175 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
176 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
177 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
178 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
179 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
180 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
181 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
182 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher, or less, more than, less than), Update date, Published date, Exploit PoC
151 -
5.0
MEDIUM The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Nego… NVD-CWE-Other
CVE-2010-1635 cpe:2.3:a:samba:samba:3.5:*
cpe:2.3:a:samba:samba:3.5.1:*
cpe:2.3:a:samba:samba:3.5.0:*
cpe:2.3:a:samba:samba:…
3.4.7 2024-11-21 10:14
2010-06-18
152 -
8.5
HIGH smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via stan… CWE-264
Permissions, Privileges, and Access Controls
CVE-2010-0728 cpe:2.3:a:samba:samba:3.5.0:*
cpe:2.3:a:samba:samba:3.4.6:*
cpe:2.3:a:samba:samba:3.3.11:*
2010-03-11 05:13
2010-03-11
153 -
3.5
LOW The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traver… CWE-22
Path Traversal
CVE-2010-0926 cpe:2.3:a:samba:samba:3.5.0:*
cpe:2.3:a:samba:samba:3.4.5:*
cpe:2.3:a:samba:samba:3.4.4:*
cpe:2.3:a:samba:samb…
2023-11-7 11:05
2010-03-11
154 -
4.4
MEDIUM client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a sym… CWE-59
Link Following
CVE-2010-0787 cpe:2.3:a:samba:samba:3.4.5:*
cpe:2.3:a:samba:samba:3.4.0:*
cpe:2.3:a:samba:samba:3.2.3:*
cpe:2.3:a:samba:samb…
2023-11-7 11:05
2010-03-3
155 -
2.1
LOW client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to… CWE-20
 Improper Input Validation 
CVE-2010-0547 cpe:2.3:a:samba:samba:3.4.4:*
cpe:2.3:a:samba:samba:3.4.3:*
cpe:2.3:a:samba:samba:3.4.2:*
cpe:2.3:a:samba:samb…
3.4.5 2023-11-7 11:05
2010-02-5
156 -
1.9
LOW mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local user… CWE-732
 Incorrect Permission Assignment for Critical Resource
CVE-2009-2948 cpe:2.3:a:samba:samba:*:* 3.0.0
3.2.0
3.3.0
3.4.0






3.0.37
3.2.15
3.3.8
3.4.2
2026-04-23 09:35
2009-10-8
157 -
4.0
MEDIUM smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock b… CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2009-2906 cpe:2.3:a:samba:samba:3.4.1:*
cpe:2.3:a:samba:samba:3.4.0:*
cpe:2.3:a:samba:samba:*:*

3.2.0
3.3.0




3.0.37
3.2.15
3.3.8
2026-04-23 09:35
2009-10-8
158 -
6.0
MEDIUM Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and othe… CWE-264
Permissions, Privileges, and Access Controls
CVE-2009-2813 cpe:2.3:a:samba:samba:3.4:*
cpe:2.3:a:samba:samba:3.4.1:*
cpe:2.3:a:samba:samba:3.4.0:*
cpe:2.3:a:samba:samba:…
2026-04-23 09:35
2009-09-15
159 -
5.8
MEDIUM The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers… CWE-264
Permissions, Privileges, and Access Controls
CVE-2009-1888 cpe:2.3:a:samba:samba:*:* 3.0.31
3.2.0
3.3.0
3.0.35




3.2.13
3.3.6
2026-04-23 09:35
2009-06-25
160 -
9.3
HIGH Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in … CWE-134
Use of Externally-Controlled Format String
CVE-2009-1886 cpe:2.3:a:samba:samba:3.2.9:*
cpe:2.3:a:samba:samba:3.2.8:*
cpe:2.3:a:samba:samba:3.2.7:*
cpe:2.3:a:samba:samb…
2026-04-23 09:35
2009-06-25