Information Exposure Affecting samba package, versions [,4.11.0)

Snyk CVSS: 0.0 medium
    Attack Complexity: Low
    Threat Intelligence: EPSS 3.93% (92nd percentile)
NVD: 4.3 medium
Red Hat: 4.3 medium
SUSE: 4.3 medium

  • Snyk ID SNYK-UNMANAGED-SAMBA-2961662
  • published 28 Jul 2022
  • disclosed 27 Jul 2022
  • credit Luca Moro

How to fix?

Upgrade samba to version 4.11.0 or higher.

Overview

Affected versions of this package are vulnerable to Information Exposure. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

Note: Samba versions 4.11.0 and above disable SMB1 by default, and will only be vulnerable if the administrator has deliberately enabled SMB1 in the smb.conf file.
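As an added example, not part of the Snyk advisory or of the Samba project's own code, the following POSIX shell check applies the two conditions stated above to a host: a Samba version below 4.11.0 is treated as exposed outright, and a 4.11.0+ host is treated as exposed only when smb.conf turns SMB1 back on. It assumes the real smb.conf parameter `server min protocol` (and its legacy synonym `min protocol`) and the real SMB1 dialect names CORE, COREPLUS, LANMAN1, LANMAN2 and NT1; the version strings and the smb.conf fragments are constructed samples, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory or from Samba): apply the advisory's
# two exposure conditions to a host, given its Samba version string and the
# text of its smb.conf. Sample versions and configs below are constructed.

# below_4_11 VERSION -> exit 0 when VERSION is older than the fixed 4.11.0
below_4_11() {
    major=$(printf '%s' "$1" | cut -d. -f1 | sed 's/[^0-9].*//')
    minor=$(printf '%s' "$1" | cut -s -d. -f2 | sed 's/[^0-9].*//')
    [ -z "$major" ] && return 1      # unparseable: do not claim it is old
    [ -z "$minor" ] && minor=0
    [ "$major" -lt 4 ] && return 0
    [ "$major" -eq 4 ] && [ "$minor" -lt 11 ] && return 0
    return 1
}

# smb1_dialect_configured CONF_TEXT -> exit 0 when the config sets
# 'server min protocol' (or the legacy 'min protocol') to an SMB1 dialect.
# Comment lines (';' or '#') do not match; the last setting wins, as in Samba.
smb1_dialect_configured() {
    proto=$(printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*\(server[[:space:]]*\)\{0,1\}min[[:space:]]*protocol[[:space:]]*=[[:space:]]*\([A-Za-z0-9_]*\).*/\2/p' \
        | tail -n 1 | tr '[:lower:]' '[:upper:]')
    case "$proto" in
        CORE|COREPLUS|LANMAN1|LANMAN2|NT1) return 0 ;;
    esac
    return 1
}

# exposed VERSION CONF_TEXT -> exit 0 (and print why) when either condition
# from the advisory holds; exit 1 otherwise
exposed() {
    if below_4_11 "$1"; then
        echo "exposed: samba $1 is below the fixed version 4.11.0"
        return 0
    fi
    if smb1_dialect_configured "$2"; then
        echo "exposed: samba $1 has SMB1 re-enabled via server min protocol"
        return 0
    fi
    echo "not exposed: samba $1 with SMB1 left at its disabled default"
    return 1
}

# Constructed sample smb.conf fragments (not taken from any real host)
CONF_DEFAULT='[global]
   workgroup = EXAMPLE
   server role = standalone server
   ; server min protocol left at its default'

CONF_SMB1_ON='[global]
   workgroup = EXAMPLE
   # administrator deliberately re-enabled SMB1 for legacy clients
   server min protocol = NT1'

# Demo run with constructed version strings
exposed 4.10.18 "$CONF_DEFAULT"            # old release: exposed
exposed 4.11.0  "$CONF_SMB1_ON"            # SMB1 re-enabled: exposed
exposed 4.11.0  "$CONF_DEFAULT" || true    # default config: not exposed
```

On a live host the two inputs come from `smbd -V` and the active smb.conf; the check deliberately reports "exposed" for any pre-4.11.0 build regardless of configuration, matching the advisory's affected range.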