A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
References
Configurations
History
22 Apr 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-122 |
08 Oct 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Sep 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-122 |
|
References |
|
Information
Published : 2023-01-12 15:15
Updated : 2024-10-28 19:35
NVD link : CVE-2022-3437
Mitre link : CVE-2022-3437
CVE.ORG link : CVE-2022-3437
JSON object : View
Products Affected
samba
- samba
fedoraproject
- fedora
CWE
CWE-122
Heap-based Buffer Overflow