CVE-2022-2127

MEDIUM

Samba - Memory Corruption

Title source: llm
STIX 2.1

Description

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.

References (12)

Core 12
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6667
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7139
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0423
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0580
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2022-2127
Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2222791

Scores

CVSS v3 5.9
EPSS 0.0115
EPSS Percentile 78.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (8)
debian/debian_linux 12.0
fedoraproject/fedora 37
fedoraproject/fedora 38
redhat/enterprise_linux 6.0
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
redhat/enterprise_linux 9.0
samba/samba 4.16.0 - 4.16.10
Published Jul 20, 2023
Tracked Since Feb 18, 2026