CVE-2019-19344

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Samba
Vendor: CVE Published:; 21 January 2020

Summary

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

Affected Version(s)

samba all samba 4.11.x versions before 4.11.5

samba all samba 4.10.x versions before 4.10.12

samba all samba 4.9.x versions before 4.9.18

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19344

https://www.samba.org/samba/security/CVE-2019-19344.html

https://security.netapp.com/advisory/ntap-20200122-0001/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2020
Vulnerability Reserved
Nov 27, 2019