CVE-2022-2127
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | 0:4.18.6-1.el8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:4.18.6-1.el8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | 0:4.15.5-15.el8_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 0:4.17.5-5.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:4.18.6-100.el9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:4.18.6-100.el9 < * | unaffected |
| Red Hat | Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | 0:4.15.5-15.el8_6 < * | unaffected |
Weaknesses
- CWE-125: Out-of-bounds Read
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2023:6667
- https://access.redhat.com/errata/RHSA-2023:7139
- https://access.redhat.com/errata/RHSA-2024:0423
- https://access.redhat.com/errata/RHSA-2024:0580
- https://access.redhat.com/security/cve/CVE-2022-2127
- https://bugzilla.redhat.com/show_bug.cgi?id=2222791
- https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/
- https://security.netapp.com/advisory/ntap-20230731-0010/
- https://www.debian.org/security/2023/dsa-5477
- https://www.samba.org/samba/security/CVE-2022-2127.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://access.redhat.com/errata/RHSA-2023:6667
- https://access.redhat.com/errata/RHSA-2023:7139
- https://access.redhat.com/errata/RHSA-2024:0423
- https://access.redhat.com/errata/RHSA-2024:0580
- https://access.redhat.com/security/cve/CVE-2022-2127
- https://bugzilla.redhat.com/show_bug.cgi?id=2222791
- https://www.samba.org/samba/security/CVE-2022-2127.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.