This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fruit_pread method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

References

www.samba.org/samba/security/CVE-2021-44142.html

oraclelinux 2

nessus 54

ibm 6

openvas 41

nvd 1

osv 7

suse 3

cvelist 1

redhat 9

rocky 2

paloalto 1

cbl_mariner 1

threatpost 1

f5 1

ubuntu 3

debiancve 1

trendmicroblog 1

githubexploit 3

prion 1

ubuntucve 1

zdi 2

cert 1

samba 1

redhatcve 1

cve 1

alpinelinux 1

veracode 1

cloudfoundry 1

almalinux 1

centos 1

kaspersky 1

altlinux 1

fedora 2

debian 1

thn 1

malwarebytes 1

amazon 2

redos 1

cisa 1

freebsd 1

mageia 1

gentoo 1

oraclelinux

samba security and bug fix update

2022-02-01 00:00:00

samba security and bug fix update

2022-02-01 00:00:00

nessus

RHEL 7 : samba (RHSA-2022:0328)

2022-02-01 00:00:00

Oracle Linux 8 : samba (ELSA-2022-0332)

2022-02-01 00:00:00

RHEL 8 : samba (RHSA-2022:0331)

2022-02-01 00:00:00

ibm

Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

2022-02-16 17:09:07

Security Bulletin: IBM Cloud Pak for Data System 2.0 is vulnerable to arbitrary code execution due to Samba (CVE-2021-44142)

2022-02-25 05:40:33

Security Bulletin: Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System [CVE-2021-44142]

2023-03-31 14:46:30

openvas

SUSE: Security Advisory (SUSE-SU-2022:0284-1)

2022-02-03 00:00:00

openSUSE: Security Advisory for samba (openSUSE-SU-2022:0287-1)

2022-02-08 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0252-1)

2022-02-03 00:00:00

nvd

CVE-2021-44142

2022-02-21 15:15:07

osv

samba - security update

2022-02-11 00:00:00

samba vulnerability

2022-02-01 11:56:09

CVE-2021-44142

2022-02-21 15:15:07

suse

Security update for samba (critical)

2022-02-01 00:00:00

Security update for samba (critical)

2022-02-01 00:00:00

Security update for samba (important)

2022-02-01 00:00:00

cvelist

CVE-2021-44142

2022-02-21 00:00:00

redhat

(RHSA-2022:0458) Critical: samba security update

2022-02-07 17:28:27

(RHSA-2022:0457) Critical: samba security update

2022-02-07 17:27:51

(RHSA-2022:0330) Critical: samba security update

2022-01-31 15:40:27

rocky

samba security and bug fix update

2022-02-01 03:32:27

samba security and bug fix update

2022-01-31 15:40:41

paloalto

Informational: Impact of the Samba Vulnerability CVE-2021-44142 on PAN-OS

2022-03-09 17:00:00

cbl_mariner

CVE-2021-44142 affecting package samba 4.12.5-6

2024-07-05 21:08:40

threatpost

Samba 'Fruit' Bug Allows RCE, Full Root User Access

2022-02-01 20:02:02

K84695749 : Samba vulnerability CVE-2021-44142

2022-02-02 00:00:00

ubuntu

Samba vulnerability

2022-02-01 00:00:00

Samba vulnerability

2022-02-03 00:00:00

Samba vulnerabilities

2022-02-01 00:00:00

debiancve

CVE-2021-44142

2022-02-21 15:15:07

trendmicroblog

The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It

2022-02-02 00:00:00

githubexploit

Exploit for Out-of-bounds Write in Samba

2022-03-29 17:32:25

Exploit for Out-of-bounds Read in Samba

2022-04-22 04:46:54

Exploit for Out-of-bounds Write in Samba

2022-03-29 19:03:38

prion

Heap overflow

2022-02-21 15:15:00

ubuntucve

CVE-2021-44142

2022-01-31 00:00:00

zdi

(Pwn2Own) Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability

2022-02-01 00:00:00

Samba AppleDouble Entry Heap-based Buffer Overflow Remote Code Execution Vulnerability

2022-02-01 00:00:00

cert

Samba vfs_fruit module insecurely handles extended file attributes

2022-01-31 00:00:00

samba

Out-of-bounds heap read/write vulnerability

2022-01-31 00:00:00

redhatcve

CVE-2021-44142

2022-01-31 15:06:30

cve

CVE-2021-44142

2022-02-21 15:15:07

alpinelinux

CVE-2021-44142

2022-02-21 15:15:07

veracode

Remote Code Execution (RCE)

2022-02-03 11:21:59

cloudfoundry

USN-5260-2: Samba vulnerability | Cloud Foundry

2022-03-10 00:00:00

almalinux

Critical: samba security and bug fix update

2022-01-31 15:40:41

centos

ctdb, libsmbclient, libwbclient, samba security update

2022-02-01 18:03:11

kaspersky

KLA12439 Multiple vulnerabilities in Samba

2022-01-31 00:00:00

altlinux

Security fix for the ALT Linux 10 package samba version 4.14.12-alt1

2022-02-09 00:00:00

fedora

[SECURITY] Fedora 34 Update: samba-4.14.12-0.fc34

2022-02-03 01:12:33

[SECURITY] Fedora 35 Update: samba-4.15.5-0.fc35

2022-02-02 01:26:36

debian

[SECURITY] [DSA 5071-1] samba security update

2022-02-11 15:11:29

thn

New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root

2022-02-01 04:16:00

malwarebytes

Samba patches critical vulnerability that allows remote code execution as root

2022-02-01 15:22:52

amazon

Critical: samba

2022-02-03 19:29:00

Critical: samba

2022-02-10 21:59:00

redos

ROS-20220208-01

2022-02-08 00:00:00

cisa

Samba Releases Security Updates

2022-02-01 00:00:00

freebsd

samba -- Multiple Vulnerabilities

2022-01-31 00:00:00

mageia

Updated samba packages fix security vulnerability

2022-02-09 23:46:00

gentoo

Samba: Multiple Vulnerabilities

2023-09-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.18 Low

EPSS

Percentile

96.2%

JSON

Related for ZDI-22-245