Double Free Affecting samba package, versions <2:4.9.2+dfsg-2


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
1.17% (86th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Double Free vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-DEBIAN10-SAMBA-357443
  • published2 Dec 2018
  • disclosed28 Nov 2018

Introduced: 28 Nov 2018

CVE-2018-16841  (opens in a new tab)
CWE-415  (opens in a new tab)

How to fix?

Upgrade Debian:10 samba to version 2:4.9.2+dfsg-2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream samba package and not the samba package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.

CVSS Scores

version 3.1