Software Detail
Samba: Number of NVD entries 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL https://www.samba.org/
Explanation Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License; the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component for seamlessly integrating Linux/Unix servers and desktops into Active Directory environments. It can function either as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
11 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
12 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
13 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
14 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
15 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
16 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
17 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
18 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
19 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
20 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
21 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
22 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
23 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
24 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
25 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
26 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
27 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
28 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
29 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
30 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
31 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
32 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
33 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
34 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
35 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
36 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
37 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
38 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
39 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
40 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
41 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
42 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
11 7.5
-
HIGH
Network
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() di… CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-34966 cpe:2.3:a:samba:samba:*:* 4.18.0
4.17.0




4.18.5
4.17.10
4.16.11
2024-11-21 17:07
2023-07-21
12 6.5
-
MEDIUM
Network
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery k… CWE-312
 Cleartext Storage of Sensitive Information
CVE-2023-0614 cpe:2.3:a:samba:samba:4.18.0:rc4
cpe:2.3:a:samba:samba:4.18.0:rc3
cpe:2.3:a:samba:samba:4.18.0:rc2
cpe:2.3:a:s…
4.17.0
4.0.0


4.17.7
4.16.10
2024-11-21 16:37
2023-04-4
13 5.9
-
MEDIUM
Network
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-0922 cpe:2.3:a:samba:samba:4.18.0:rc4
cpe:2.3:a:samba:samba:4.18.0:rc3
cpe:2.3:a:samba:samba:4.18.0:rc2
cpe:2.3:a:s…
4.17.0
4.0.0


4.17.7
4.16.10
2024-11-21 16:38
2023-04-4
14 4.3
-
MEDIUM
Network
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. CWE-732
 Incorrect Permission Assignment for Critical Resource
CVE-2023-0225 cpe:2.3:a:samba:samba:4.18.0:rc4
cpe:2.3:a:samba:samba:4.18.0:rc3
cpe:2.3:a:samba:samba:4.18.0:rc2
cpe:2.3:a:s…
4.17.0 4.17.7 2024-11-21 16:36
2023-04-4
15 5.9
-
MEDIUM
Network
A flaw was found in Samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. CWE-362
Race Condition
CVE-2021-20251 cpe:2.3:a:samba:samba:*:* 4.17.0
4.1.0


4.17.4
4.16.8
2024-11-21 14:46
2023-03-7
16 9.8
-
CRITICAL
Network
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Director… CWE-328
 Use of Weak Hash
CWE-326
 Inadequate Encryption Strength
CVE-2022-45141 cpe:2.3:a:samba:samba:*:* 4.16.0


4.16.8
4.15.13
2025-03-7 06:15
2023-03-7
17 4.3
-
MEDIUM
Network
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attrib… - CVE-2018-14628 cpe:2.3:a:samba:samba:*:* 4.0.0 2024-11-21 12:49
2023-01-18
18 6.5
-
MEDIUM
Network
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the… CWE-59
Link Following
CVE-2022-3592 cpe:2.3:a:samba:samba:*:* 4.17.0 4.17.2 2024-11-21 16:19
2023-01-13
19 6.5
-
MEDIUM
Network
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI li… - CVE-2022-3437 cpe:2.3:a:samba:samba:*:* 4.17.0
4.16.0
4.0.0




4.17.2
4.16.6
4.15.11
2024-11-21 16:19
2023-01-13
20 8.8
-
HIGH
Network
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server)… CWE-190
 Integer Overflow or Wraparound
CVE-2022-42898 cpe:2.3:a:samba:samba:*:* 4.17.0

4.16.0




4.17.3
4.15.12
4.16.7
2024-11-21 16:25
2022-12-25