CVE-2018-16852
MEDIUMSamba 4.9.0-4.9.3 - Denial of Service via DNS Zone Property Handling
Title source: llmDescription
Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.
References (5)
Core 5
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.samba.org/samba/security/CVE-2018-16852.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16852
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20181127-0001/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106024
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202003-52
Scores
CVSS v3
6.5
EPSS
0.0290
EPSS Percentile
86.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
samba/samba
4.9.0 - 4.9.3
Published
Nov 28, 2018
Tracked Since
Feb 18, 2026