Samba Vulnerability in AD Users Leading to Potential Server Crashes
CVE-2022-32745

8.1HIGH

Key Information:

Vendor: Samba
Status: Samba
Vendor: CVE Published:; 25 August 2022

What is CVE-2022-32745?

A vulnerability exists in Samba that allows Active Directory (AD) users to manipulate LDAP add or modify requests, potentially leading the server to access and utilize uninitialized data. This flaw may result in unexpected behavior, such as a segmentation fault, which can disrupt server operations. The issue necessitates immediate attention to ensure server stability and security.

Affected Version(s)

samba Versions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14

References

https://www.samba.org/samba/security/CVE-2022-32745.html

https://security.gentoo.org/glsa/202309-06

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2022
Vulnerability Reserved
Jun 9, 2022