Software Detail
Samba: Number Of NVD 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL https://www.samba.org/
Explanation Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License; the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function either as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
81 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
82 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
83 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
84 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
85 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
86 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
87 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
88 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
89 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
90 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
91 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
92 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
93 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
94 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
95 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
96 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
97 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
98 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
99 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
100 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
101 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
102 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
103 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
104 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
105 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
106 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
107 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
108 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
109 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
110 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
111 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
112 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher, or less, more than, less than), Update date, Published date
81 CVSS3 6.5, CVSS2 4.0, MEDIUM, Network
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local at…
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-14629 cpe:2.3:a:samba:samba:*:* version bounds: 4.8.8, 4.8.0, 4.0.0 / 4.9.3, 4.8.7, 4.7.12
Update date 2024-11-21 12:49, Published date 2018-11-28
82 CVSS3 6.5, CVSS2 4.0, MEDIUM, Network
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() tw…
CWE-415 Double Free
CVE-2018-16841 cpe:2.3:a:samba:samba:*:* version bounds: 4.3.0, 4.8.0, 4.9.0 / 4.7.12, 4.8.7, 4.9.3
Update date 2024-11-21 12:53, Published date 2018-11-28
83 CVSS3 8.8, CVSS2 6.5, HIGH, Network
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses…
-
CVE-2016-2123 cpe:2.3:a:samba:samba:*:* version bounds: 4.4.0, 4.5.0, 4.3.0, 4.2.0, 4.1.0, 4.0.0 / 4.2.14, 4.1.23, 4.0.26 / 4.4.8, 4.5.3, 4.3.13
Update date 2024-11-21 11:47, Published date 2018-11-1
84 CVSS3 6.5, CVSS2 3.3, MEDIUM, Adjacent
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subse…
CWE-20 Improper Input Validation
CVE-2016-2125 cpe:2.3:a:samba:samba:*:* version bounds: 4.4.0, 4.5.0, 3.0.25 / 4.4.8, 4.5.3, 4.3.13
Update date 2024-11-21 11:47, Published date 2018-11-1
85 CVSS3 6.5, CVSS2 4.0, MEDIUM, Network
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential…
CWE-200 Information Exposure
CVE-2018-10919 cpe:2.3:a:samba:samba:*:* version bounds: 4.8.0, 4.7.0, 4.0.0 / 4.8.4, 4.7.9, 4.6.16
Update date 2024-11-21 12:42, Published date 2018-08-23
86 CVSS3 6.5, CVSS2 4.0, MEDIUM, Network
A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Dir…
CWE-476 NULL Pointer Dereference
CVE-2018-10918 cpe:2.3:a:samba:samba:*:* version bounds: 4.8.0, 4.7.0 / 4.8.4, 4.7.9
Update date 2024-11-21 12:42, Published date 2018-08-23
87 CVSS3 8.8, CVSS2 6.5, HIGH, Network
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a sam…
CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE-2018-10858 cpe:2.3:a:samba:samba:*:* version bounds: 4.8.0, 4.7.0 / 4.6.16, 4.8.4, 4.7.9
Update date 2024-11-21 12:42, Published date 2018-08-23
88 CVSS3 6.5, CVSS2 3.3, MEDIUM, Adjacent
A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used a…
CWE-20 Improper Input Validation
CVE-2018-1140 cpe:2.3:a:samba:samba:*:* version bounds: 4.8.0 / 4.8.4
Update date 2024-11-21 12:59, Published date 2018-08-22
89 CVSS3 8.1, CVSS2 4.3, HIGH, Network
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to re…
CWE-522 Insufficiently Protected Credentials
CVE-2018-1139 cpe:2.3:a:samba:samba:*:* version bounds: 4.8.0, 4.7.0 / 4.8.4, 4.7.9
Update date 2024-11-21 12:59, Published date 2018-08-22
90 CVSS3 7.4, CVSS2 5.8, HIGH, Network
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and…
CWE-310 Cryptographic Issues
CVE-2017-12151 cpe:2.3:a:samba:samba:*:* version bounds: 4.6.0, 4.5.0 / 4.6.8, 4.5.14, 4.4.16
Update date 2024-11-21 12:08, Published date 2018-07-27