A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
Metrics
Affected Vendors & Products
References
History
Mon, 28 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:samba:samba:4.15.11:*:*:*:*:*:*:* | |
Metrics |
cvssV3_1
|
ssvc
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-01-12T00:00:00
Updated: 2024-10-28T18:59:39.543Z
Reserved: 2022-10-10T00:00:00
Link: CVE-2022-3437
Vulnrichment
Updated: 2024-08-03T01:07:06.624Z
NVD
Status : Modified
Published: 2023-01-12T15:15:10.083
Modified: 2024-11-21T07:19:30.940
Link: CVE-2022-3437
Redhat