CVE-2022-3437
Ubuntu Security Notice USN-5936-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
Se encontró una vulnerabilidad de desbordamiento de búfer en Samba dentro de las rutinas GSSAPI unwrap_des() y unwrap_des3() de Heimdal. Las rutinas de descifrado DES y Triple-DES de la biblioteca GSSAPI de Heimdal permiten un desbordamiento del búfer de escritura de longitud limitada en la memoria asignada a malloc() cuando se presenta un paquete maliciosamente pequeño. Este fallo permite a un usuario remoto enviar datos maliciosos especialmente manipulados a la aplicación, lo que puede provocar un ataque de denegación de servicio (DoS).
USN-5822-1 fixed vulnerabilities in Samba. The update for Ubuntu 20.04 LTS introduced regressions in certain environments. Pending investigation of these regressions, this update temporarily reverts the security fixes. It was discovered that Samba incorrectly handled the bad password count logic. It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure Channel. Greg Hudson discovered that Samba incorrectly handled PAC parsing. Joseph Sutton discovered that Samba could be forced to issue rc4-hmac encrypted Kerberos tickets.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2022-10-10 CVE Reserved
- 2022-10-31 CVE Published
- 2024-10-28 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2023/02/08/1 | Mailing List |
|
| https://access.redhat.com/security/cve/CVE-2022-3437 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2137774 | Issue Tracking | |
| https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20230216-0008 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202309-06 | 2024-04-22 | |
| https://security.gentoo.org/glsa/202310-06 | 2024-04-22 | |
| https://www.samba.org/samba/security/CVE-2022-3437.html | 2024-04-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.0.0 < 4.15.11 Search vendor "Samba" for product "Samba" and version " >= 4.0.0 < 4.15.11" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.16.0 < 4.16.6 Search vendor "Samba" for product "Samba" and version " >= 4.16.0 < 4.16.6" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.17.0 < 4.17.2 Search vendor "Samba" for product "Samba" and version " >= 4.17.0 < 4.17.2" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||