Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2015-3223
HistoryDec 29, 2015 - 10:59 p.m.

CVE-2015-3223

2015-12-2922:59:00
CWE-189
CWE-399
[email protected]
web.nvd.nist.gov
69
cve-2015-3223
ldb_wildcard_compare
denial of service
infinite loop
samba 4.x
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6 Medium

AI Score

Confidence

High

0.359 Low

EPSS

Percentile

97.2%

JSON

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

Affected configurations

NVD
Node
sambasambaMatch4.0.0
OR
sambasambaMatch4.0.1
OR
sambasambaMatch4.0.2
OR
sambasambaMatch4.0.3
OR
sambasambaMatch4.0.4
OR
sambasambaMatch4.0.5
OR
sambasambaMatch4.0.6
OR
sambasambaMatch4.0.7
OR
sambasambaMatch4.0.8
OR
sambasambaMatch4.0.9
OR
sambasambaMatch4.0.10
OR
sambasambaMatch4.0.11
OR
sambasambaMatch4.0.12
OR
sambasambaMatch4.0.13
OR
sambasambaMatch4.0.14
OR
sambasambaMatch4.0.15
OR
sambasambaMatch4.0.16
OR
sambasambaMatch4.0.17
OR
sambasambaMatch4.0.18
OR
sambasambaMatch4.0.19
OR
sambasambaMatch4.0.20
OR
sambasambaMatch4.0.21
OR
sambasambaMatch4.0.22
OR
sambasambaMatch4.0.23
OR
sambasambaMatch4.0.24
OR
sambasambaMatch4.1.0
OR
sambasambaMatch4.1.1
OR
sambasambaMatch4.1.2
OR
sambasambaMatch4.1.3
OR
sambasambaMatch4.1.4
OR
sambasambaMatch4.1.5
OR
sambasambaMatch4.1.6
OR
sambasambaMatch4.1.7
OR
sambasambaMatch4.1.8
OR
sambasambaMatch4.1.9
OR
sambasambaMatch4.1.10
OR
sambasambaMatch4.1.11
OR
sambasambaMatch4.1.12
OR
sambasambaMatch4.1.13
OR
sambasambaMatch4.1.14
OR
sambasambaMatch4.1.15
OR
sambasambaMatch4.1.16
OR
sambasambaMatch4.1.17
OR
sambasambaMatch4.1.18
OR
sambasambaMatch4.1.19
OR
sambasambaMatch4.1.20
OR
sambasambaMatch4.1.21
OR
sambasambaMatch4.2.0
OR
sambasambaMatch4.2.1
OR
sambasambaMatch4.2.2
OR
sambasambaMatch4.2.3
OR
sambasambaMatch4.2.4
OR
sambasambaMatch4.2.5
OR
sambasambaMatch4.2.6
OR
sambasambaMatch4.3.0
OR
sambasambaMatch4.3.1
OR
sambasambaMatch4.3.2

References

Related

ubuntucve 1
checkpoint_advisories 1
cvelist 1
f5 2
prion 1
nvd 1
debiancve 1
samba 1
veracode 1
nessus 24
openvas 21
amazon 1
redhat 2
centos 1
oraclelinux 3
ubuntu 3
fedora 2
mageia 1
altlinux 4
suse 5
ibm 1
debian 2
osv 1
freebsd 1
gentoo 1
ubuntucve
ubuntucve
CVE-2015-3223
2015-12-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Samba LDAP Server libldb Infinite Loop Denial of Service (CVE-2015-3223)
2016-04-11 00:00:00
cvelist
cvelist
CVE-2015-3223
2015-12-29 22:00:00
f5
f5
K09417637 : Samba vulnerability CVE-2015-3223
2016-10-21 00:00:00
SOL09417637 - Samba vulnerability CVE-2015-3223
2016-10-21 00:00:00
prion
prion
Code injection
2015-12-29 22:59:00
nvd
nvd
CVE-2015-3223
2015-12-29 22:59:00
debiancve
debiancve
CVE-2015-3223
2015-12-29 22:59:00
samba
samba
Denial of service in Samba Active Directory
2015-12-16 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:09:29
nessus
nessus
Oracle Linux 6 / 7 : libldb (ELSA-2016-0009)
2016-01-08 00:00:00
Scientific Linux Security Update : libldb on SL6.x, SL7.x i386/x86_64 (20160107)
2016-01-11 00:00:00
CentOS 6 / 7 : libldb (CESA-2016:0009)
2016-01-08 00:00:00
openvas
openvas
CentOS Update for ldb-tools CESA-2016:0009 centos7
2016-01-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-633)
2016-01-20 00:00:00
Ubuntu: Security Advisory (USN-2856-1)
2016-01-07 00:00:00
amazon
amazon
Medium: libldb
2016-01-18 11:00:00
redhat
redhat
(RHSA-2016:0009) Moderate: libldb security update
2016-01-07 00:00:00
(RHSA-2016:0014) Moderate: libldb security update
2016-01-08 09:04:39
centos
centos
ldb, libldb, pyldb security update
2016-01-07 22:11:38
oraclelinux
oraclelinux
libldb security update
2016-01-07 00:00:00
samba security update
2016-01-07 00:00:00
samba4 security update
2016-01-07 00:00:00
ubuntu
ubuntu
ldb vulnerabilities
2016-01-05 00:00:00
Samba vulnerabilities
2016-01-05 00:00:00
Samba regression
2016-02-16 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: samba-4.3.3-0.fc23
2015-12-18 07:55:05
[SECURITY] Fedora 22 Update: samba-4.2.7-0.fc22
2015-12-26 21:53:02
mageia
mageia
Updated samba packages fix security vulnerabilities
2016-03-03 20:43:41
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.3.3-alt1
2015-12-16 00:00:00
Security fix for the ALT Linux 7 package samba version 4.3.3-alt1
2015-12-16 00:00:00
Security fix for the ALT Linux 8 package samba version 4.3.3-alt1
2015-12-16 00:00:00
suse
suse
Security update for ldb, samba, talloc, tdb, tevent (important)
2015-12-18 22:10:59
Security update for ldb, samba, talloc, tdb, tevent (important)
2015-12-18 21:10:45
Security update for ldb, samba, talloc, tdb, tevent (important)
2015-12-24 03:10:28
ibm
ibm
Security Bulletin: Vulnerabilities in Samba affect IBM i
2019-12-18 14:26:38
debian
debian
[SECURITY] [DSA 3433-1] samba security update
2016-01-02 09:40:27
[SECURITY] [DSA 3433-1] samba security update
2016-01-02 09:40:27
osv
osv
samba - security update
2016-01-02 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2015-12-16 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2016-12-24 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6 Medium

AI Score

Confidence

High

0.359 Low

EPSS

Percentile

97.2%

JSON
Related for CVE-2015-3223
ubuntucve1checkpoint_advisories1cvelist1f52prion1nvd1debiancve1samba1veracode1nessus24openvas21amazon1redhat2centos1oraclelinux3ubuntu3fedora2mageia1altlinux4suse5ibm1debian2osv1freebsd1gentoo1