CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

History

22 Apr 2024, 16:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html -

07 Nov 2023, 03:51

Type Values Removed Values Added
CWE CWE-122

08 Oct 2023, 09:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202310-06 -

17 Sep 2023, 09:15

Type Values Removed Values Added
CWE CWE-787
CWE-122
References
  • (GENTOO) https://security.gentoo.org/glsa/202309-06 -

Information

Published : 2023-01-12 15:15

Updated : 2024-10-28 19:35


NVD link : CVE-2022-3437

Mitre link : CVE-2022-3437

CVE.ORG link : CVE-2022-3437


JSON object : View

Products Affected

samba

  • samba

fedoraproject

  • fedora
CWE
CWE-122

Heap-based Buffer Overflow