CVE-2017-15275
HIGH
Samba 3.6.0-4.5.14 - Information Disclosure via Heap Memory Exposure
Title source: llm
Description
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
References (13)
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3278
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3486-2
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2017/dsa-4043
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2017/11/msg00029.html
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3260
Vendor Advisory x_refsource_confirm
https://www.samba.org/samba/security/CVE-2017-15275.html
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3261
Third Party Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201805-07
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3486-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039855
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101908
Third Party Advisory x_refsource_confirm
https://www.synology.com/support/security/Synology_SA_17_72_Samba
Scores
CVSS v3
7.5
EPSS
0.4327
EPSS Percentile
97.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-119
Status
published
Products (13)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
17.04
canonical/ubuntu_linux
17.10
debian/debian_linux
8.0
debian/debian_linux
9.0
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_server
7.0
... and 3 more
Published
Nov 27, 2017
Tracked Since
Feb 18, 2026