PT-2022-4079 · Samba+6

Joseph Sutton · Published 2022-07-18 · Updated 2024-11-15 · CVE-2022-32745

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Samba (affected versions not specified)

Description

A flaw was found in Samba, where Samba AD users can cause the server to access uninitialized data with an LDAP add or modify request, usually resulting in a segmentation fault. The vulnerability is related to errors in initializing the count variable in the memcpy() function. Exploitation of the vulnerability may allow a remote attacker to impact the confidentiality of protected information or cause a denial of service by sending specially crafted messages.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Use of Uninitialized Resource

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2322
ALT-PU-2022-2438
ALT-PU-2023-1616
ALT-PU-2024-14683
AZL-44790
BDU:2022-04913
CVE-2022-32745
DSA-5205-1
ECHO-9F43-B0B4-B84F
MGASA-2022-0299
OESA-2022-1798
OPENSUSE-SU-2022_2586-1
OPENSUSE-SU-2022_2659-1
OPENSUSE-SU-2022_4395-1
OPENSUSE-SU-2023_0160-1
OPENSUSE-SU-2024:12243-1
SUSE-SU-2022:2582-1
SUSE-SU-2022:2586-1
SUSE-SU-2022:2586-2
SUSE-SU-2022:2659-1
SUSE-SU-2022:4395-1
SUSE-SU-2023:0081-1
SUSE-SU-2023:0160-1
USN-5542-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Red Os
Samba
Suse
Ubuntu