#VU65824 Memory leak in Samba


Published: 2022-07-27 | Updated: 2023-05-25

Vulnerability identifier: #VU65824

Vulnerability risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32742

CWE-ID: CWE-401

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description
The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due memory leak when handling SMB1 requests. A remote user with ability to write data to a file share can force the application to leak memory and gain access to potentially sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Samba: 4.16.0 - 4.16.3, 4.15.0 - 4.15.8, 4.14.0 - 4.14.13, 4.13.0 - 4.13.17, 4.12.0 - 4.12.15, 4.11.0 - 4.11.17, 4.10.0 - 4.10.18, 4.9.0 - 4.9.18, 1.9.16 - 1.9.18, 4.8.0 - 4.8.12, 4.7.0 - 4.7.12, 4.6.0 - 4.6.16, 4.5.0 - 4.5.16, 4.4.0 - 4.4.16, 4.3.0 - 4.3.13, 4.2.0 - 4.2.14, 4.1.0 - 4.1.23, 4.0.0 - 4.0.26, 3.6.0 - 3.6.25, 3.5 - 3.5.22, 3.1 - 3.1.0, 3.4 - 3.4.17, 2.2 - 2.2a, 3.3 - 3.3.16, 3.0 - 3.0.37, 3.2 - 3.2.15, 2.18.3, 2.0 - 2.0.10


External links
http://www.samba.org/samba/security/CVE-2022-32742.html
http://www.zerodayinitiative.com/advisories/ZDI-23-713/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability