samba is vulnerable to denial of service (DoS) attacks. The library fails to guard against integer overflows when parsing a PAC on a 32-bit system, which allows an attacker with a forged PAC to corrupt the heap.

References

bugzilla.samba.org/show_bug.cgi?id=15203

github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c

github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583

security-tracker.debian.org/tracker/CVE-2022-42898

security.gentoo.org/glsa/202309-06

security.gentoo.org/glsa/202310-06

security.netapp.com/advisory/ntap-20230216-0008/

security.netapp.com/advisory/ntap-20230223-0001/

web.mit.edu/kerberos/advisories/

web.mit.edu/kerberos/krb5-1.19/

web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt

www.samba.org/samba/security/CVE-2022-42898.html

openvas 54

nessus 76

debiancve 1

fedora 6

amazon 3

cisa 1

redhat 11

cbl_mariner 4

osv 10

altlinux 2

f5 1

prion 1

rocky 2

oraclelinux 4

ibm 4

almalinux 2

cve 1

centos 1

alpinelinux 1

samba 1

redhatcve 1

slackware 2

debian 2

mageia 1

nvd 1

ubuntucve 1

cloudlinux 1

cvelist 1

freebsd 1

ubuntu 1

cloudfoundry 1

openvas

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2023-1136)

2023-01-09 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:0198-1)

2023-01-30 00:00:00

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2023-1321)

2023-02-09 00:00:00

nessus

SUSE SLES12 Security Update : krb5 (SUSE-SU-2022:4335-1)

2022-12-07 00:00:00

RHEL 8 : krb5 (RHSA-2022:8639)

2022-11-28 00:00:00

EulerOS 2.0 SP5 : krb5 (EulerOS-SA-2023-2153)

2023-06-09 00:00:00

debiancve

CVE-2022-42898

2022-12-25 06:15:09

fedora

[SECURITY] Fedora 37 Update: samba-4.17.3-0.fc37

2022-11-18 01:18:28

[SECURITY] Fedora 37 Update: krb5-1.19.2-13.fc37

2022-11-22 01:37:30

[SECURITY] Fedora 36 Update: krb5-1.19.2-12.fc36

2022-11-22 01:20:35

amazon

Important: krb5

2023-01-18 20:56:00

Important: krb5

2023-01-31 20:44:00

Important: krb5

2023-01-18 00:17:00

cisa

Samba Releases Security Updates

2022-11-16 00:00:00

redhat

(RHSA-2022:8637) Important: krb5 security update

2022-11-28 09:18:18

(RHSA-2022:9029) Important: Red Hat Virtualization Host security update [ovirt-4.5.3-3]

2022-12-14 14:12:25

(RHSA-2022:8638) Important: krb5 security update

2022-11-28 09:21:44

cbl_mariner

CVE-2022-42898 affecting package samba 4.12.5-6

2024-09-27 09:12:43

CVE-2022-42898 affecting package heimdal 7.7.0-5

2023-01-29 21:01:57

CVE-2022-42898 affecting package krb5 1.18.4-2

2023-01-29 21:01:58

osv

ctdb-4.17.3+git.279.ff9bb8a298-1.1 on GA media

2024-06-15 00:00:00

krb5 - security update

2022-11-29 00:00:00

Important: krb5 security update

2022-11-28 09:18:18

altlinux

Security fix for the ALT Linux 9 package krb5 version 1.17.2-alt4

2022-11-24 00:00:00

Security fix for the ALT Linux 10 package samba version 4.16.7-alt1

2022-11-22 00:00:00

SAMBA vulnerability CVE-2022-42898

2022-11-29 22:49:00

prion

Integer overflow

2022-12-25 06:15:00

rocky

krb5 security update

2022-11-28 09:18:18

krb5 security update

2022-11-28 09:21:44

oraclelinux

krb5 security update

2022-11-29 00:00:00

krb5 security update

2023-02-09 00:00:00

krb5 security update

2022-11-29 00:00:00

ibm

Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898)

2023-09-19 19:52:23

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in MIT krb5 (CVE-2022-42898).

2023-03-31 17:55:17

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to denial of service due to [CVE-2022-42898]

2023-01-27 10:11:21

almalinux

Important: krb5 security update

2022-11-28 00:00:00

Important: krb5 security update

2022-11-28 00:00:00

cve

CVE-2022-42898

2022-12-25 06:15:09

centos

krb5, libkadm5 security update

2022-11-30 23:03:16

alpinelinux

CVE-2022-42898

2022-12-25 06:15:09

samba

Samba buffer overflow vulnerabilities on 32-bit

2022-11-15 00:00:00

redhatcve

CVE-2022-42898

2022-11-15 19:56:22

slackware

[slackware-security] samba

2022-11-17 02:00:41

[slackware-security] krb5

2022-11-17 01:59:39

debian

[SECURITY] [DSA 5286-1] krb5 security update

2022-11-19 13:31:00

[SECURITY] [DLA 3213-1] krb5 security update

2022-11-29 15:07:54

mageia

Updated krb5 packages fix security vulnerability

2022-12-17 21:48:08

nvd

CVE-2022-42898

2022-12-25 06:15:09

ubuntucve

CVE-2022-42898

2022-12-25 00:00:00

cloudlinux

krb5: Fix of CVE-2022-42898

2022-12-12 19:47:31

cvelist

CVE-2022-42898

2022-12-25 00:00:00

freebsd

krb5 -- Integer overflow vulnerabilities in PAC parsing

2022-11-05 00:00:00

ubuntu

Kerberos vulnerabilities

2023-01-25 00:00:00

cloudfoundry

USN-5828-1: Kerberos vulnerabilities | Cloud Foundry

2023-02-24 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.007

Percentile

80.5%

JSON

Related for VERACODE:38143