CVE-2021-23192

Summary

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.

Affected Software

VendorProductVersion RangeStatus
n/asambaAffects samba v4.10.0 to 4.15.1, Fixed in samba v4.15.2, v4.14.10 and v4.13.14.affected

Weaknesses

  • CWE-20: CWE-20 - Improper Input Validation.

ADP Enrichment

CVE Program Container

Additional References

References