The DES (present only in Samba 4.11 and earlier) and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc()-allocated memory when presented with a maliciously small packet: the routine sizes its buffer from the attacker-supplied token length but decrypts at fixed offsets, so an undersized token makes the in-place decrypt write past the end of the allocation.
Affects - All versions of Samba since Samba 4.0 compiled with Heimdal Kerberos. Builds against MIT Kerberos are not affected.
Samba 4.15.11, 4.16.6 and 4.17.2 have been issued as security releases to correct the defect.
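The bug class described above, as an added illustration in C; this is not Heimdal's or Samba's code. The token layout (8-byte header, then an 8-byte confounder decrypted in place), the sizes, the function names and the toy block "cipher" are all assumptions chosen only to show why a runt token turns a fixed-offset decrypt into a short heap overwrite, and how a minimum-length check before allocation prevents it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical token layout used only for this illustration: a fixed-size
 * header, then an 8-byte confounder that the cipher decrypts in place, then
 * the payload. These sizes are assumptions, not the Heimdal wire format. */
#define TOKEN_HDR_LEN   8
#define CONFOUNDER_LEN  8
#define MIN_TOKEN_LEN   (TOKEN_HDR_LEN + CONFOUNDER_LEN)

/* Stand-in for a DES/3DES block decrypt: it is not a cipher, it only writes
 * exactly one 8-byte block in place, which is all that matters here. */
static void toy_decrypt_block(uint8_t *blk)
{
    for (size_t i = 0; i < CONFOUNDER_LEN; i++)
        blk[i] ^= 0x5a;
}

/* How far past a malloc(token_len) buffer the unchecked routine writes when it
 * decrypts the confounder block: 0 for a well-formed token, at most 16 bytes
 * for an undersized one (hence "length-limited"). */
size_t overflow_bytes_unchecked(size_t token_len)
{
    size_t write_end = TOKEN_HDR_LEN + CONFOUNDER_LEN;
    return write_end > token_len ? write_end - token_len : 0;
}

/* Vulnerable pattern: the buffer is sized from the attacker-controlled token
 * length, but the decrypt touches a fixed offset regardless of that length.
 * Never call this with token_len < MIN_TOKEN_LEN; it is kept for contrast. */
int unwrap_unchecked(const uint8_t *token, size_t token_len,
                     uint8_t **out, size_t *out_len)
{
    uint8_t *buf = malloc(token_len ? token_len : 1);
    if (buf == NULL)
        return -1;
    memcpy(buf, token, token_len);
    toy_decrypt_block(buf + TOKEN_HDR_LEN);   /* heap overflow if token_len < 16 */
    *out = buf;
    *out_len = token_len;
    return 0;
}

/* Hardened: the minimum-length check runs before any allocation or write, so
 * a runt token is rejected instead of decrypted. */
int unwrap_checked(const uint8_t *token, size_t token_len,
                   uint8_t **out, size_t *out_len)
{
    if (token == NULL || token_len < MIN_TOKEN_LEN)
        return -1;
    return unwrap_unchecked(token, token_len, out, out_len);
}

int main(void)
{
    /* Constructed sample tokens: a 20-byte well-formed one and a 12-byte runt. */
    uint8_t good[20] = {0}, runt[12] = {0};
    uint8_t *out = NULL;
    size_t out_len = 0;

    printf("a %zu-byte runt would overwrite %zu heap bytes past the buffer\n",
           sizeof runt, overflow_bytes_unchecked(sizeof runt));
    printf("checked unwrap of runt returns %d\n",
           unwrap_checked(runt, sizeof runt, &out, &out_len));
    if (unwrap_checked(good, sizeof good, &out, &out_len) == 0) {
        printf("checked unwrap of good token returned %zu bytes\n", out_len);
        free(out);
    }
    return 0;
}
```

The check is deliberately placed before malloc(): validating after allocation, or only on the payload length, still leaves the fixed-offset decrypt writing outside a buffer that is smaller than the offset plus one block.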
Created samba tracking bugs for this issue:
Affects: fedora-all [bug 2137777]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):