Software Detail
Samba
Number Of NVD: 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL: https://www.samba.org/
Explanation: Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License; the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function either as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
31 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
32 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
33 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
34 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
35 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
36 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
37 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
38 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
39 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
40 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
41 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
42 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
43 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
44 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
45 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
46 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
47 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
48 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
49 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
50 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
51 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
52 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
53 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
54 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
55 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
56 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
57 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
58 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
59 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
60 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
61 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
62 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, or higher, or less, more than, less than, Update date, Published date

No: 31
CVE: CVE-2022-32742
CVSS3: 4.3, CVSS2: -, Level: MEDIUM, Attack Vector: Network
Title: A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into…
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:samba:samba:*:*
Version bounds: 4.16.0, 4.15.0; 4.14.14, 4.16.4, 4.15.9
Update date: 2024-11-21 16:06
Published date: 2022-08-26

No: 32
CVE: CVE-2022-2031
CVSS3: 8.8, CVSS2: -, Level: HIGH, Attack Vector: Network
Title: A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has bee…
CWE: CWE-287 Improper Authentication
cpe23Uri: cpe:2.3:a:samba:samba:*:*
Version bounds: 4.16.0, 4.15.0; 4.16.4, 4.15.9, 4.14.14
Update date: 2024-11-21 16:00
Published date: 2022-08-26

No: 33
CVE: CVE-2021-3670
CVSS3: 6.5, CVSS2: -, Level: MEDIUM, Attack Vector: Network
Title: MaxQueryDuration not honoured in Samba AD DC LDAP
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:samba:samba:*:*
Version bound: 4.1.0
Update date: 2024-11-21 15:22
Published date: 2022-08-24

No: 34
CVE: CVE-2021-20316
CVSS3: 6.8, CVSS2: -, Level: MEDIUM, Attack Vector: Network
Title: A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of t…
CWE: CWE-362 Race Condition
cpe23Uri: cpe:2.3:a:samba:samba:*:*
Version bound: 4.15.0
Update date: 2024-11-21 14:46
Published date: 2022-08-24

No: 35
CVE: CVE-2020-25721
CVSS3: 8.8, CVSS2: 6.5, Level: HIGH, Attack Vector: Network
Title: Kerberos acceptors need easy access to stable AD identifiers (e.g. objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued ticket…
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:a:samba:samba:*:*
Version bounds: 4.15.0, 4.14.0, 4.13.0; 4.15.2, 4.14.10, 4.13.14
Update date: 2024-11-21 14:18
Published date: 2022-03-17

No: 36
CVE: CVE-2021-3738
CVSS3: 8.8, CVSS2: 6.5, Level: HIGH, Attack Vector: Network
Title: In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sa…
CWE: CWE-416 Use After Free
cpe23Uri: cpe:2.3:a:samba:samba:*:*
Version bounds: 4.15.0, 4.14.0, 4.0.0; 4.15.2, 4.14.10, 4.13.14
Update date: 2024-11-21 15:22
Published date: 2022-03-3

No: 37
CVE: CVE-2021-23192
CVSS3: 7.5, CVSS2: 5.0, Level: HIGH, Attack Vector: Network
Title: A flaw was found in the way Samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their …
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:samba:samba:*:*
Version bounds: 4.15.0, 4.14.0, 4.10.0; 4.15.2, 4.14.10, 4.13.14
Update date: 2024-11-21 14:51
Published date: 2022-03-3

No: 38
CVE: CVE-2021-44141
CVSS3: 4.3, CVSS2: 3.5, Level: MEDIUM, Attack Vector: Network
Title: All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under th…
CWE: CWE-59 Link Following
cpe23Uri: cpe:2.3:a:samba:samba:*:*
Version bound: 4.15.5
Update date: 2024-11-21 15:30
Published date: 2022-02-22

No: 39
CVE: CVE-2021-44142
CVSS3: 8.8, CVSS2: 9.0, Level: HIGH, Attack Vector: Network
Title: The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba version…
CWE: CWE-125 Out-of-bounds Read; CWE-787 Out-of-bounds Write
cpe23Uri: cpe:2.3:a:samba:samba:*:*
Version bounds: 4.15.0, 4.14.0; 4.15.5, 4.14.12, 4.13.17
Update date: 2024-11-21 15:30
Published date: 2022-02-22

No: 40
CVE: CVE-2020-25722
CVSS3: 8.8, CVSS2: 6.5, Level: HIGH, Attack Vector: Network
Title: Multiple flaws were found in the way Samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.
CWE: CWE-863 Incorrect Authorization
cpe23Uri: cpe:2.3:a:samba:samba:*:*
Version bounds: 4.15.0, 4.14.0, 4.0.0; 4.15.2, 4.14.10, 4.13.14
Update date: 2024-11-21 14:18
Published date: 2022-02-19