Bug 2137774 (CVE-2022-3437) - CVE-2022-3437 samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-3437
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2137777 2138446
Blocks: 2137644
Reported: 2022-10-26 07:29 UTC by TEJ RATHI
Modified: 2023-02-09 01:36 UTC

Fixed In Version: samba 4.15.11, samba 4.16.6, samba 4.17.2
Doc Text:
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
Clone Of:
Environment:
Last Closed: 2023-02-09 01:36:49 UTC
Embargoed:



Description TEJ RATHI 2022-10-26 07:29:15 UTC
The DES (for Samba 4.11 and earlier) and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet.

Affects - All versions of Samba since Samba 4.0 compiled with Heimdal Kerberos.
Samba 4.15.11, 4.16.6 and 4.17.2 have been issued as security releases to correct the defect.

https://www.samba.org/samba/security/CVE-2022-3437.html

Comment 1 TEJ RATHI 2022-10-26 07:36:52 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 2137777]

Comment 7 Product Security DevOps Team 2023-02-09 01:36:47 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3437

