发布时间: 2022年11月4日
修改时间: 2024年10月31日
The DES (for Samba 4.11 and earlier) and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet.Affects - All versions of Samba since Samba 4.0 compiled with Heimdal Kerberos.Samba 4.15.11, 4.16.6 and 4.17.2 have been issued as security releases to correct the defecthttps://www.samba.org/samba/security/CVE-2022-3437.html
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Network | Network |
| CVSS评分 | 6.5 | 5.9 |
| Attack Complexity | Low | High |
| Privileges Required | Low | Low |
| Scope | Unchanged | Unchanged |
| Integrity | None | High |
| User Interaction | None | None |
| Availability | High | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-2557 | samba security update | 2022年11月4日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | samba | Fixed |
| KY3.4-5 | samba | Fixed |
| KY3.5.1 | samba | Fixed |
