CVE-2021-23192
samba: Subsequent DCE/RPC fragment injection vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.
Se ha encontrado un fallo en la forma en que samba implementa DCE/RPC. Si un cliente a un servidor Samba enviaba una petición DCE/RPC muy grande, y elegía fragmentarla, un atacante podía reemplazar los fragmentos posteriores con sus propios datos, omitiendo los requisitos de firma
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-10-20 CVE Reserved
- 2021-11-11 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://ubuntu.com/security/CVE-2021-23192 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.samba.org/samba/security/CVE-2021-23192.html | 2023-09-17 |
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2019666 | 2022-01-04 | |
https://security.gentoo.org/glsa/202309-06 | 2023-09-17 | |
https://access.redhat.com/security/cve/CVE-2021-23192 | 2022-01-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.10.0 < 4.13.14 Search vendor "Samba" for product "Samba" and version " >= 4.10.0 < 4.13.14" | - |
Affected
| ||||||
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.14.0 < 4.14.10 Search vendor "Samba" for product "Samba" and version " >= 4.14.0 < 4.14.10" | - |
Affected
| ||||||
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.15.0 < 4.15.2 Search vendor "Samba" for product "Samba" and version " >= 4.15.0 < 4.15.2" | - |
Affected
|