CVE-2022-1615

MEDIUM

Samba - Info Disclosure

Title source: llm

Description

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.

References (4)

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTTOLTHUHOV4SHCHCB5TAA4FQVJAWN4P/

[Third Party Advisory] https://security.gentoo.org/glsa/202309-06

[Exploit, Issue Tracking, Vendor Advisory] https://bugzilla.samba.org/show_bug.cgi?id=15103

[Patch, Third Party Advisory] https://gitlab.com/samba-team/samba/-/merge_requests/2644

Scores

CVSS v3 5.5

EPSS 0.0026

EPSS Percentile 49.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-330

Status published

Products (2)

fedoraproject/fedora 37

samba/samba 4.1.0 - 4.17.0

Published Sep 01, 2022

Tracked Since Feb 18, 2026