{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3437", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-10-28T18:59:39.543Z", "dateReserved": "2022-10-10T00:00:00", "datePublished": "2023-01-12T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-04-22T16:06:05.042792"}, "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack."}], "affected": [{"vendor": "n/a", "product": "samba", "versions": [{"version": "Fixed in samba 4.15.11, samba 4.16.6, samba 4.17.2.", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774"}, {"url": "https://www.samba.org/samba/security/CVE-2022-3437.html"}, {"url": "https://access.redhat.com/security/cve/CVE-2022-3437"}, {"name": "[oss-security] 20230208 [vs] heimdal: CVE-2022-45142: signature validation failure", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/02/08/1"}, {"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-06"}, {"name": "GLSA-202310-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202310-06"}, {"name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-122 - Heap-based Buffer Overflow, CWE-787 - Out-of-bounds Write", "cweId": "CWE-122"}]}]}, "adp": [{"affected": [{"vendor": "samba", "product": "samba", "cpes": ["cpe:2.3:a:samba:samba:4.15.11:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.15.11", "status": "unaffected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-04-22T18:53:20.072020Z", "id": "CVE-2022-3437", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-28T18:59:39.543Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:07:06.624Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774", "tags": ["x_transferred"]}, {"url": "https://www.samba.org/samba/security/CVE-2022-3437.html", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2022-3437", "tags": ["x_transferred"]}, {"name": "[oss-security] 20230208 [vs] heimdal: CVE-2022-45142: signature validation failure", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/02/08/1"}, {"url": "https://security.netapp.com/advisory/ntap-20230216-0008/", "tags": ["x_transferred"]}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202309-06"}, {"name": "GLSA-202310-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202310-06"}, {"name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774", "tags": ["x_transferred"]}, {"url": "https://www.samba.org/samba/security/CVE-2022-3437.html", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2022-3437", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/02/08/1", "name": "[oss-security] 20230208 [vs] heimdal: CVE-2022-45142: signature validation failure", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230216-0008/", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202309-06", "name": "GLSA-202309-06", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202310-06", "name": "GLSA-202310-06", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html", "name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:07:06.624Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-3437", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T18:53:20.072020Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:samba:samba:4.15.11:*:*:*:*:*:*:*"], "vendor": "samba", "product": "samba", "versions": [{"status": "unaffected", "version": "4.15.11"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-22T19:08:09.261Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "samba", "versions": [{"status": "affected", "version": "Fixed in samba 4.15.11, samba 4.16.6, samba 4.17.2."}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774"}, {"url": "https://www.samba.org/samba/security/CVE-2022-3437.html"}, {"url": "https://access.redhat.com/security/cve/CVE-2022-3437"}, {"url": "http://www.openwall.com/lists/oss-security/2023/02/08/1", "name": "[oss-security] 20230208 [vs] heimdal: CVE-2022-45142: signature validation failure", "tags": ["mailing-list"]}, {"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"}, {"url": "https://security.gentoo.org/glsa/202309-06", "name": "GLSA-202309-06", "tags": ["vendor-advisory"]}, {"url": "https://security.gentoo.org/glsa/202310-06", "name": "GLSA-202310-06", "tags": ["vendor-advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html", "name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 - Heap-based Buffer Overflow, CWE-787 - Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-04-22T16:06:05.042792"}}}, "cveMetadata": {"cveId": "CVE-2022-3437", "state": "PUBLISHED", "dateUpdated": "2024-10-28T18:59:39.543Z", "dateReserved": "2022-10-10T00:00:00", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-01-12T00:00:00", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DEC17A1-7D7E-438F-A7BF-6FA34AD63EC7", "versionEndExcluding": "4.15.11", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "6601140E-E676-40C8-9700-9B7F9ACEC63C", "versionEndExcluding": "4.16.6", "versionStartIncluding": "4.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CD07976-E402-4282-B52A-AC9A6FD27FB5", "versionEndExcluding": "4.17.2", "versionStartIncluding": "4.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de desbordamiento de b\u00fafer en Samba dentro de las rutinas GSSAPI unwrap_des() y unwrap_des3() de Heimdal. Las rutinas de descifrado DES y Triple-DES de la biblioteca GSSAPI de Heimdal permiten un desbordamiento del b\u00fafer de escritura de longitud limitada en la memoria asignada a malloc() cuando se presenta un paquete maliciosamente peque\u00f1o. Este fallo permite a un usuario remoto enviar datos maliciosos especialmente manipulados a la aplicaci\u00f3n, lo que puede provocar un ataque de denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2022-3437", "lastModified": "2024-11-21T07:19:30.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-01-12T15:15:10.083", "references": [{"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2023/02/08/1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-3437"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202309-06"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202310-06"}, {"source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2022-3437.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2023/02/08/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-3437"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202309-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202310-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2022-3437.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Upstream acknowledges Evgeny Legerov (Intevydis) as the original reporter.", "bugzilla": {"description": "samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal", "id": "2137774", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L", "status": "draft"}, "cwe": "CWE-122->CWE-787", "details": ["A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.", "A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack."], "name": "CVE-2022-3437", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Storage 3"}], "public_date": "2022-10-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3437\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3437\nhttps://www.samba.org/samba/security/CVE-2022-3437.html"], "statement": "Samba in RHEL is not compiled to use the Heimdal Kerberos library.\nVersions of Samba shipped in Red Hat Enterprise Linux are compiled to use the system MIT Kerberos using the \"--with-system-mitkrb5\" argument, and these installations are not impacted, as the vulnerable code is not compiled into Samba.", "threat_severity": "Moderate", "upstream_fix": "samba 4.15.11, samba 4.16.6, samba 4.17.2"}