CVE-2025-57632

Name of the Vulnerable Software and Affected Versions libsmb2 versions 6.2 and later

Description The software contains a flaw due to improper handling of SMB2 chained PDUs (NextCommand). Specifically, the smb2 add iovector() function is repeatedly called to append to a fixed-size iovec array without sufficient bounds checking, leading to a potential overflow of v->niov (SMB2 MAX VECTORS=256). An attacker can exploit this by crafting responses with numerous chained PDUs, potentially causing heap out-of-bounds writes, memory corruption, crashes, and possible arbitrary code execution. The SMB2 OPLOCK BREAK path also bypasses message ID validation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.