CVE-2022-3437

Summary

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

Affected Software

VendorProductVersion RangeStatus
n/asambaFixed in samba 4.15.11, samba 4.16.6, samba 4.17.2.affected

Weaknesses

  • CWE-122: CWE-122 - Heap-based Buffer Overflow, CWE-787 - Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References