CVE-2015-3223
MEDIUMSamba 4.x < 4.1.22, 4.2.x < 4.2.7, 4.3.x < 4.3.3 - Denial of Service via Crafted LDAP Packets
Title source: llmDescription
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
References (19)
Core 19
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1290287
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2855-2
Vendor Advisory x_refsource_confirm
https://www.samba.org/samba/security/CVE-2015-3223.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2856-1
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/79731
Various Sources x_refsource_confirm
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=ec504dbf69636a554add1f3d5703dd6c3ad450b8
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034493
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3433
Various Sources x_refsource_confirm
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=aa6c27148b9d3f8c1e4fdd5dd46bfecbbd0ca465
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201612-47
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2855-1
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
Scores
CVSS v3
5.3
EPSS
0.2026
EPSS Percentile
95.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-189
CWE-399
Status
published
Products (50)
samba/samba
4.0.0
samba/samba
4.0.1
samba/samba
4.0.2
samba/samba
4.0.3
samba/samba
4.0.4
samba/samba
4.0.5
samba/samba
4.0.6
samba/samba
4.0.7
samba/samba
4.0.8
samba/samba
4.0.9
... and 40 more
Published
Dec 29, 2015
Tracked Since
Feb 18, 2026