CVE-2022-2127

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:6667	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7139	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0423
https://access.redhat.com/errata/RHSA-2024:0580
https://access.redhat.com/security/cve/CVE-2022-2127	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2222791	Issue Tracking Third Party Advisory
https://www.samba.org/samba/security/CVE-2022-2127.html	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

History

16 Sep 2024, 13:15

Type	Values Removed	Values Added
References	~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html', 'source': 'secalert@redhat.com'}~~ {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'} ~~{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://security.netapp.com/advisory/ntap-20230731-0010/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://www.debian.org/security/2023/dsa-5477', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}~~

22 Apr 2024, 16:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html -

30 Jan 2024, 16:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0580 -

25 Jan 2024, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0423 -

27 Dec 2023, 22:05

Type	Values Removed	Values Added
References	~~(MISC) https://www.debian.org/security/2023/dsa-5477 -~~	(MISC) https://www.debian.org/security/2023/dsa-5477 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7139 -~~	() https://access.redhat.com/errata/RHSA-2023:7139 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:6667 -~~	() https://access.redhat.com/errata/RHSA-2023:6667 - Third Party Advisory
References	~~(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/ - Third Party Advisory~~	(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/ - Mailing List
First Time		Debian debian Linux Debian
CPE		cpe:2.3:o:debian:debian_linux:12.0:::::::*

14 Nov 2023, 21:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2023:7139 -

07 Nov 2023, 14:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2023:6667 -

15 Aug 2023, 04:15

Type	Values Removed	Values Added
References		(MISC) https://www.debian.org/security/2023/dsa-5477 -

08 Aug 2023, 19:11

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 5.9
CPE		cpe:2.3:o:fedoraproject:fedora:37:::::::*
References	~~(MISC) https://security.netapp.com/advisory/ntap-20230731-0010/ -~~	(MISC) https://security.netapp.com/advisory/ntap-20230731-0010/ - Third Party Advisory
References	~~(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/ -~~	(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/ - Third Party Advisory

05 Aug 2023, 03:15

Type	Values Removed	Values Added
References		(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/ -

31 Jul 2023, 19:15

Type	Values Removed	Values Added
References		(MISC) https://security.netapp.com/advisory/ntap-20230731-0010/ -

28 Jul 2023, 22:00

Type	Values Removed	Values Added
CWE		CWE-125
CPE		cpe:2.3:a:samba:samba:::::::: cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux:6.0:::::::* cpe:2.3:o:fedoraproject:fedora:38:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
First Time		Fedoraproject fedora Fedoraproject Redhat Samba samba Samba Redhat enterprise Linux
References	~~(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/ -~~	(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/ - Mailing List, Third Party Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2222791 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2222791 - Issue Tracking, Third Party Advisory
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2022-2127 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2022-2127 - Third Party Advisory
References	~~(MISC) https://www.samba.org/samba/security/CVE-2022-2127.html -~~	(MISC) https://www.samba.org/samba/security/CVE-2022-2127.html - Mitigation, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

22 Jul 2023, 03:15

Type	Values Removed	Values Added
References		(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/ -

20 Jul 2023, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-20 15:15

Updated : 2024-09-16 13:15

NVD link : CVE-2022-2127

Mitre link : CVE-2022-2127

CVE.ORG link : CVE-2022-2127

JSON object : View

Products Affected

samba

samba

redhat

enterprise_linux

debian

debian_linux

fedoraproject

fedora

CWE

CWE-125

Out-of-bounds Read

5.9 /10