Use-after-free Vulnerability in Samba Software by Samba Team
CVE-2019-19344

6.5 MEDIUM

Key Information:

Vendor: Red Hat
Status: Vendor
CVE Published: 21 January 2020

Summary

A use-after-free vulnerability exists in all versions of Samba 4.9.x prior to 4.9.18, 4.10.x prior to 4.10.12, and 4.11.x prior to 4.11.5. The flaw arises from a problematic call to realloc(): the call may move the buffer while other local variables still point to the original allocation, leaving those pointers dangling. An attacker who can trigger this path may be able to exploit the original buffer, potentially leading to unexpected behavior or remote code execution.
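The following is an added illustration of the realloc() hazard the summary describes, written for this page; it is generic code, not Samba's, and the buffer type, function names and sample strings are constructed for the example. `append_unsafe` shows the bug shape (a local pointer into the old block is used after realloc() may have moved it); `append_safe` keeps only offsets across the call and re-derives every pointer from the new base, checks the size arithmetic, and leaves the old block intact when realloc() fails.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed growable buffer used only for this illustration. */
struct growbuf {
    char *data;  /* heap block */
    size_t len;  /* bytes in use */
    size_t cap;  /* bytes allocated */
};

/* Unsafe pattern: `dst` aliases the OLD allocation and is written to after
 * realloc() may have freed it. Shown for reading only; when the block moves,
 * the memcpy() below is a use-after-free. */
int append_unsafe(struct growbuf *b, const char *s, size_t n)
{
    char *dst = b->data + b->len;         /* pointer taken before realloc() */
    if (b->len + n > b->cap) {
        size_t ncap = b->cap ? b->cap * 2 : 16;
        while (ncap < b->len + n)
            ncap *= 2;
        char *nd = realloc(b->data, ncap); /* may move the block */
        if (nd == NULL)
            return -1;
        b->data = nd;
        b->cap = ncap;
    }
    memcpy(dst, s, n);                    /* `dst` may now be dangling */
    b->len += n;
    return 0;
}

/* Safe pattern: remember a position, not a pointer, and compute the
 * destination from b->data only after realloc() has returned. */
int append_safe(struct growbuf *b, const char *s, size_t n)
{
    size_t off = b->len;                  /* offset survives a move */
    if (n > SIZE_MAX - b->len)
        return -1;                        /* length arithmetic would overflow */
    if (b->len + n > b->cap) {
        size_t ncap = b->cap ? b->cap : 16;
        while (ncap < b->len + n) {
            if (ncap > SIZE_MAX / 2)
                return -1;
            ncap *= 2;
        }
        char *nd = realloc(b->data, ncap);
        if (nd == NULL)
            return -1;                    /* b->data is still valid and owned */
        b->data = nd;
        b->cap = ncap;
    }
    memcpy(b->data + off, s, n);          /* pointer derived after realloc() */
    b->len += n;
    return 0;
}

/* Joins `count` strings through repeated appends, forcing several
 * reallocations. Returns a NUL-terminated heap string (caller frees) or
 * NULL on failure. */
char *join_safe(const char **parts, size_t count)
{
    struct growbuf b = { NULL, 0, 0 };
    for (size_t i = 0; i < count; i++) {
        if (append_safe(&b, parts[i], strlen(parts[i])) != 0) {
            free(b.data);
            return NULL;
        }
    }
    if (append_safe(&b, "", 1) != 0) {    /* terminating NUL */
        free(b.data);
        return NULL;
    }
    return b.data;
}
```

The two functions differ only in when the destination pointer is computed; that single ordering decision is what separates a correct buffer grow from the class of defect this CVE records. Reviewers can grep for locals assigned from a buffer base before a realloc() and used after it.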

Affected Version(s)

samba: all samba 4.11.x versions before 4.11.5

samba: all samba 4.10.x versions before 4.10.12

samba: all samba 4.9.x versions before 4.9.18

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved
