Jouni Knuutinen

**Name of the Vulnerable Software and Affected Versions** Samba versions 3.x through 4.4.x before 4.4.2 Samba versions 4.3.x before 4.3.8 Samba versions 4.2.x before 4.2.11 **Description** The issue is related to a flaw in the implementation of the DCE-RPC layer, which can be exploited by remote attackers to perform protocol-downgrade attacks. This could lead to a denial of service, causing the application to crash or consume excessive CPU, or potentially allow the execution of arbitrary code on a client system. The vulnerability is associated with errors in the DCE-RPC implementation level. **Recommendations** For Samba versions 3.x through 4.4.x before 4.4.2, update to version 4.4.2 or later. For Samba versions 4.3.x before 4.3.8, update to version 4.3.8 or later. For Samba versions 4.2.x before 4.2.11, update to version 4.2.11 or later.