Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Samba Number Of NVD 208 CRITICAL 6 HIGH 78 MEDIUM 106 LOW 18
URL https://www.samba.org/
Explanation Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License, the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function both as a domain controller or as a regular domain member.

Excerpted and translated from [https://www.samba.org/
Tag
  • GPL v3
  • オープンソース
Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
161 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
162 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
163 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
164 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
165 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
166 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
167 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
168 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
169 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
170 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
171 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
172 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
173 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
174 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
175 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
176 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
177 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
178 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
179 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
180 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
181 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
182 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
183 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
184 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
185 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
186 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
187 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
188 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
189 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
190 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
191 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
192 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
161 -
6.3 		MEDIUM Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. CWE-20
 Improper Input Validation  		CVE-2009-0022 cpe:2.3:a:samba:samba:3.2.6:*
cpe:2.3:a:samba:samba:3.2.5:*
cpe:2.3:a:samba:samba:3.2.4:*
cpe:2.3:a:samba:samb… 		2026-04-23 09:35
2009-01-6 		Show GitHub Exploit DB Packet Storm
162 -
8.5 		HIGH smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&p… CWE-200
Information Exposure 		CVE-2008-4314 cpe:2.3:a:samba:samba:3.2.4:*
cpe:2.3:a:samba:samba:3.2.3:*
cpe:2.3:a:samba:samba:3.2.2:*
cpe:2.3:a:samba:samb… 		2026-04-23 09:35
2008-12-2 		Show GitHub Exploit DB Packet Storm
163 -
2.1 		LOW Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups. CWE-732
 Incorrect Permission Assignment for Critical Resource 		CVE-2008-3789 cpe:2.3:a:samba:samba:*:* 3.2.0 3.2.3 2026-04-23 09:35
2008-08-28 		Show GitHub Exploit DB Packet Storm
164 -
7.5 		HIGH Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2008-1105 cpe:2.3:a:samba:samba:*:* 3.0.0 3.0.29 2026-04-23 09:35
2008-05-30 		Show GitHub Exploit DB Packet Storm
165 -
9.3 		HIGH Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a G… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2007-6015 cpe:2.3:a:samba:samba:3.0.2a:*
cpe:2.3:a:samba:samba:3.0.2:*
cpe:2.3:a:samba:samba:3.0.27:*
cpe:2.3:a:samba:sa… 		2026-04-23 09:35
2007-12-14 		Show GitHub Exploit DB Packet Storm
166 -
9.3 		HIGH Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mails… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2007-4572 cpe:2.3:a:samba:samba:3.0.9:*
cpe:2.3:a:samba:samba:3.0.8:*
cpe:2.3:a:samba:samba:3.0.7:*
cpe:2.3:a:samba:samb… 		2026-04-23 09:35
2007-11-17 		Show GitHub Exploit DB Packet Storm
167 -
9.3 		HIGH Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arb… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2007-5398 cpe:2.3:a:samba:samba:3.0.9:*
cpe:2.3:a:samba:samba:3.0.8:*
cpe:2.3:a:samba:samba:3.0.7:*
cpe:2.3:a:samba:samb… 		2026-04-23 09:35
2007-11-17 		Show GitHub Exploit DB Packet Storm
168 -
6.9 		MEDIUM The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2007-4138 cpe:2.3:a:samba:samba:3.0.25c:*
cpe:2.3:a:samba:samba:3.0.25b:*
cpe:2.3:a:samba:samba:3.0.25a:*
cpe:2.3:a:samb… 		2026-04-23 09:35
2007-09-14 		Show GitHub Exploit DB Packet Storm
169 -
7.2 		HIGH Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecif… CWE-269
 Improper Privilege Management 		CVE-2007-2444 cpe:2.3:a:samba:samba:3.0.25:pre2
cpe:2.3:a:samba:samba:3.0.24:*
cpe:2.3:a:samba:samba:3.0.23d:* 		2026-04-23 09:35
2007-05-15 		Show GitHub Exploit DB Packet Storm
170 -
10.0 		HIGH Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (ne… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2007-2446 cpe:2.3:a:samba:samba:3.0.2a:*
cpe:2.3:a:samba:samba:3.0.2:*
cpe:2.3:a:samba:samba:3.0.25:rc3
cpe:2.3:a:samba:… 		2026-04-23 09:35
2007-05-15 		Show GitHub Exploit DB Packet Storm