An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
22 Apr 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jan 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Dec 2023, 22:05
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (MISC) https://www.debian.org/security/2023/dsa-5477 - Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/ - Mailing List | |
CPE | cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* |
15 Aug 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Aug 2023, 19:11
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* | |
References |
|
|
References | (MISC) https://security.netapp.com/advisory/ntap-20230731-0010/ - Third Party Advisory |
31 Jul 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Jul 2023, 22:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2222791 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/ - Mailing List, Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2022-2127 - Third Party Advisory | |
References | (MISC) https://www.samba.org/samba/security/CVE-2022-2127.html - Mitigation, Vendor Advisory | |
CWE | CWE-125 | |
CPE | cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
22 Jul 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jul 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-20 15:15
Updated : 2024-04-22 16:15
NVD link : CVE-2022-2127
Mitre link : CVE-2022-2127
CVE.ORG link : CVE-2022-2127
JSON object : View
Products Affected
samba
- samba
redhat
- enterprise_linux
fedoraproject
- fedora
debian
- debian_linux
CWE
CWE-125
Out-of-bounds Read