Software Detail
Samba
Number of NVD: 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL: https://www.samba.org/
Explanation: Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License; the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function either as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support, Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
41 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
42 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
43 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
44 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
45 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
46 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
47 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
48 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
49 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
50 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
51 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
52 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
53 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
54 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
55 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
56 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
57 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
58 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
59 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
60 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
61 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
62 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
63 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
64 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
65 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
66 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
67 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
68 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
69 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
70 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
71 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
72 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
Fields: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher / or less / more than / less than), Update date, Published date
No. 41
CVE: CVE-2020-25719
CVSS3: 7.2, CVSS2: 9.0, Level: HIGH, Attack Vector: Network
Title: A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents …
CWE: CWE-362 Race Condition
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.15.0, 4.14.0, 4.0.0
less than: 4.15.2, 4.14.10, 4.13.14
Update date: 2024-11-21 14:18
Published date: 2022-02-19
No. 42
CVE: CVE-2020-25718
CVSS3: 8.8, CVSS2: 6.5, Level: HIGH, Attack Vector: Network
Title: A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.
CWE: CWE-862 Missing Authorization
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.15.0, 4.14.0, 4.0.0
less than: 4.15.2, 4.14.10, 4.13.14
Update date: 2024-11-21 14:18
Published date: 2022-02-19
No. 43
CVE: CVE-2020-25717
CVSS3: 8.1, CVSS2: 8.5, Level: HIGH, Attack Vector: Network
Title: A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.15.0, 4.14.0, 3.0.0
less than: 4.15.2, 4.14.10, 4.13.14
Update date: 2024-11-21 14:18
Published date: 2022-02-19
No. 44
CVE: CVE-2016-2124
CVSS3: 5.9, CVSS2: 4.3, Level: MEDIUM, Attack Vector: Network
Title: A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
CWE: CWE-287 Improper Authentication
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.15.0, 4.14.0, 3.0.0
less than: 4.15.2, 4.14.10, 4.13.14
Update date: 2024-11-21 11:47
Published date: 2022-02-19
No. 45
CVE: CVE-2021-43566
CVSS3: 2.5, CVSS2: 1.2, Level: LOW, Attack Vector: Local
Title: All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the sh…
CWE: CWE-362 Race Condition
cpe23Uri: cpe:2.3:a:samba:samba:*:*
less than: 4.13.16
Update date: 2024-11-21 15:29
Published date: 2022-01-12
No. 46
CVE: CVE-2021-3671
CVSS3: 6.5, CVSS2: 4.0, Level: MEDIUM, Attack Vector: Network
Title: A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samb…
CWE: CWE-476 NULL Pointer Dereference
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.14.0
less than: 4.14.8, 4.13.12
Update date: 2024-11-21 15:22
Published date: 2021-10-13
No. 47
CVE: CVE-2020-27840
CVSS3: 7.5, CVSS2: 5.0, Level: HIGH, Attack Vector: Network
Title: A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds me…
CWE: -
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.14.0, 4.13.0, 4.0.0
less than: 4.14.1, 4.13.6, 4.12.13
Update date: 2024-11-21 14:21
Published date: 2021-05-13
No. 48
CVE: CVE-2021-20277
CVSS3: 7.5, CVSS2: 5.0, Level: HIGH, Attack Vector: Network
Title: A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the req…
CWE: CWE-787 Out-of-bounds Write
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.14.0, 4.13.0, 4.0.0
less than: 4.14.1, 4.13.6, 4.12.13
Update date: 2024-11-21 14:46
Published date: 2021-05-12
No. 49
CVE: CVE-2021-20254
CVSS3: 6.8, CVSS2: 4.9, Level: MEDIUM, Attack Vector: Network
Title: A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyo…
CWE: -
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.14.0, 4.13.0, 3.6.0
less than: 4.14.4, 4.13.8, 4.12.15
Update date: 2024-11-21 14:46
Published date: 2021-05-5
No. 50
CVE: CVE-2020-14318
CVSS3: 4.3, CVSS2: 4.0, Level: MEDIUM, Attack Vector: Network
Title: A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be u…
CWE: -
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.12.0, 4.13.0, 3.6.0
less than: 4.12.9, 4.13.1, 4.11.15
Update date: 2024-11-21 14:02
Published date: 2020-12-4