CVE-2023-5568
Samba: heap buffer overflow with freshness tokens in the heimdal kdc
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
Se descubrió una falla de desbordamiento de búfer basada en montón en Samba. Podría permitir que un atacante remoto y autenticado aproveche esta vulnerabilidad para provocar una denegación de servicio.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-13 CVE Reserved
- 2023-10-24 CVE Published
- 2024-09-18 CVE Updated
- 2024-09-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-5568 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2245174 | Issue Tracking | |
| https://security.netapp.com/advisory/ntap-20231124-0007 |
|
|
| https://www.samba.org/samba/history/samba-4.19.2.html | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.samba.org/show_bug.cgi?id=15491 | 2023-11-24 |