Lucene search

K

Veracode Vulnerability DatabaseVERACODE:42216

HistoryAug 06, 2023 - 10:02 a.m.

Information Disclosure

2023-08-0610:02:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

samba

vulnerability

rpc

request

infinite loop

malicious client

attacker

information disclosure

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

54.5%

samba is vulnerable to Information Disclosure. This vulnerability occurs when samba parses a specially crafted RPC request. If the request is valid, samba could enter an infinite loop, allowing a malicious client or an attacker to view the information that is part of the disclosed path.

References

access.redhat.com/errata/RHSA-2023:6667

access.redhat.com/errata/RHSA-2023:7139

access.redhat.com/errata/RHSA-2024:0423

access.redhat.com/errata/RHSA-2024:0580

access.redhat.com/security/cve/CVE-2023-34968

bugzilla.redhat.com/show_bug.cgi?id=2222795

lists.fedoraproject.org/archives/list/[email protected]/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/

lists.fedoraproject.org/archives/list/[email protected]/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/

security-tracker.debian.org/tracker/CVE-2023-34968

security.netapp.com/advisory/ntap-20230731-0010/

www.debian.org/security/2023/dsa-5477

www.samba.org/samba/security/CVE-2023-34968.html

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

54.5%

Related for VERACODE:42216