PT-2020-5783 · Samba+3

Published: 2020-01-21 · Updated: 2025-01-14 · CVE-2019-19344

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: samba versions 4.9.x before 4.9.18; samba versions 4.10.x before 4.10.12; samba versions 4.11.x before 4.11.5
Description: The issue is related to a use-after-free problem, essentially due to a call to realloc() while other local variables still point at the original buffer. This can be exploited by a remote attacker to cause a denial of service.
Recommendations: For samba versions 4.9.x before 4.9.18, update to version 4.9.18 or later. For samba versions 4.10.x before 4.10.12, update to version 4.10.12 or later. For samba versions 4.11.x before 4.11.5, update to version 4.11.5 or later. As a temporary workaround, consider restricting access to the vulnerable samba functionality until a patch is available.
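
The stale-pointer-after-realloc() pattern named in the description, shown beside a hardened form. This is an added C example, not Samba's code and not part of the advisory; the rec_list type and all function names are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical growable list; names are illustrative, not Samba's. */
struct rec_list { int *items; size_t count, cap; };

/* Grow the buffer; realloc() may move it, invalidating old pointers. */
static int rec_reserve(struct rec_list *l, size_t want)
{
    size_t ncap = l->cap ? l->cap : 4;
    if (want <= l->cap) return 0;
    while (ncap < want) ncap *= 2;
    int *p = realloc(l->items, ncap * sizeof(*p));
    if (p == NULL) return -1;      /* old buffer stays valid and owned */
    l->items = p; l->cap = ncap;
    return 0;
}

/* UNSAFE (the bug class described): 'first' is a local that still
 * points at the original buffer after rec_reserve() has moved it. */
int dup_first_unsafe(struct rec_list *l)
{
    int *first = &l->items[0];
    if (rec_reserve(l, l->count + 1) != 0) return -1;
    l->items[l->count++] = *first; /* use-after-free if buffer moved */
    return 0;
}

/* Hardened: keep an index and re-derive the pointer after growth. */
int dup_first_safe(struct rec_list *l)
{
    size_t idx = 0;
    if (l->count == 0 || rec_reserve(l, l->count + 1) != 0) return -1;
    l->items[l->count] = l->items[idx];
    l->count++;
    return 0;
}

/* Constructed demo: seed one value, duplicate it n times across growth. */
int demo_safe(int n)
{
    struct rec_list l = {0};
    int ok = 0;
    if (rec_reserve(&l, 1) != 0) return -1;
    l.items[l.count++] = 42;
    for (int i = 0; i < n && dup_first_safe(&l) == 0; i++) { }
    for (size_t i = 0; i < l.count; i++) ok += (l.items[i] == 42);
    free(l.items);
    return ok;
}
```

Building the unsafe variant with AddressSanitizer (`-fsanitize=address`) and calling it across a growth boundary is a quick way to confirm that this class of defect is caught in testing.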

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1135
ALT-PU-2020-1901
BDU:2021-01742
CVE-2019-19344
DLA-3563-1
ECHO-3782-FA30-3960
MGASA-2020-0058
OPENSUSE-SU-2020:0122-1
OPENSUSE-SU-2020_0122-1
OPENSUSE-SU-2024:11365-1
SUSE-SU-2020:0223-1
SUSE-SU-2020:2673-1
USN-4244-1

Affected Products

Alt Linux
Samba
Suse
Ubuntu