CVE-2022-3437

Description

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

Related CPE's

asambasamba********

asambasamba********

asambasamba********

ofedoraprojectfedora36*******

ofedoraprojectfedora37*******

References

https://www.samba.org/samba/security/CVE-2022-3437.html

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2137774

Issue TrackingThird Party Advisory

https://access.redhat.com/security/cve/CVE-2022-3437

Third Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io