Home > Vulnerability Database > CVE-2022-2127

Mend.io Vulnerability Database

CVE-2022-2127

Good to know:

Date: July 20, 2023

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.

Language: C

Severity Score

5.9

Related Resources (15)

Url: https://access.redhat.com/security/cve/CVE-2022-2127

Url: https://access.redhat.com/errata/RHSA-2023:6667

Url: https://security.netapp.com/advisory/ntap-20230731-0010/

Url: https://security-tracker.debian.org/tracker/CVE-2022-2127

Url: https://access.redhat.com/errata/RHSA-2024:0580

Url: https://access.redhat.com/errata/RHSA-2023:7139

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-2127

Url: https://www.debian.org/security/2023/dsa-5477

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/

Url: https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html

Url: https://www.samba.org/samba/security/CVE-2022-2127.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2222791

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/

Url: https://access.redhat.com/errata/RHSA-2024:0423

Url: https://www.mend.io/vulnerability-database/CVE-2022-2127

Severity Score

5.9

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Top Fix

Upgrade Version

Upgrade to version samba-4.16.11,samba-4.17.10,samba-4.18.5

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-2127

Good to know:

Date: July 20, 2023

Language: C

Severity Score

Related Resources (15)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?