CVE-2022-32745: Samba - Security Announcement Archive

CVE-2022-32745.html:

=========================================================== == Subject: Samba AD users can crash the server process with an == LDAP add or modify request. == == CVE ID#: CVE-2022-32745 == == Versions: Samba 4.16, 4.15.2, 4.14.10, 4.13.14, and later == == Summary: Samba AD users can cause the server to access == uninitialised data with an LDAP add or modify request, == usually resulting in a segmentation fault. ===========================================================

=========== Description ===========

Due to incorrect values used as the limit for a loop and as the ‘count’ parameter to memcpy(), the server, receiving a specially crafted message, leaves an array of structures partially uninitialised, or accesses an arbitrary element beyond the end of an array.

Outcomes achievable by an attacker include segmentation faults and corresponding loss of availability. Depending on the contents of the uninitialised memory, confidentiality may also be affected.

================== Patch Availability ==================

Patches addressing both these issues have been posted to:

https://www.samba.org/samba/security/

Additionally, Samba 4.16.4, 4.15.9, and 4.14.14 have been issued as security releases to correct the defect. Samba administrators are advised to upgrade to these releases or apply the patch as soon as possible.

================== CVSSv3 calculation ==================

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L (5.4)

========== Workaround ==========

None.

======= Credits =======

Initial report, patches, and this advisory by Joseph Sutton of Catalyst and the Samba Team.

========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ==========================================================