
Peter Eriksson

Researcher from IT Department, Linköping University
#30764 of 53,639
8.5 Total CVSS
Vulnerabilities · 1
PT-2021-3330
8.5
2021-04-14
Samba · Samba · CVE-2021-20254
**Name of the Vulnerable Software and Affected Versions**

- Samba versions prior to 4.12.15
- Samba versions prior to 4.13.8
- Samba versions prior to 4.14.4

**Description**

A flaw was found in Samba that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. In most cases, it may lead to a crash of the smbd process, but in the worst-case scenario, it may allow unauthorized access to files and deletion of files by a non-privileged user on the network share.

**Recommendations**

- For Samba versions prior to 4.12.15, update to version 4.12.15 or later.
- For Samba versions prior to 4.13.8, update to version 4.13.8 or later.
- For Samba versions prior to 4.14.4, update to version 4.14.4 or later.