CVE-2022-3437 - OpenCVE

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Fedoraproject	Fedora
Samba	Samba

Configuration 1 [-]

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/02/08/1
https://access.redhat.com/security/cve/CVE-2022-3437	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2137774	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
https://security.gentoo.org/glsa/202309-06
https://security.gentoo.org/glsa/202310-06
https://security.netapp.com/advisory/ntap-20230216-0008/
https://www.samba.org/samba/security/CVE-2022-3437.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2023-01-12T00:00:00

Updated: 2024-06-04T17:15:31.921Z

Reserved: 2022-10-10T00:00:00

Link: CVE-2022-3437

JSON object: View

NVD Information

Status : Modified

Published: 2023-01-12T15:15:10.083

Modified: 2024-04-22T16:15:12.370

Link: CVE-2022-3437

JSON object: View

Redhat Information

No data.

CWE

CWE-122

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3437", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-06-04T17:15:31.921Z", "dateReserved": "2022-10-10T00:00:00", "datePublished": "2023-01-12T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-04-22T16:06:05.042792"}, "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack."}], "affected": [{"vendor": "n/a", "product": "samba", "versions": [{"version": "Fixed in samba 4.15.11, samba 4.16.6, samba 4.17.2.", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774"}, {"url": "https://www.samba.org/samba/security/CVE-2022-3437.html"}, {"url": "https://access.redhat.com/security/cve/CVE-2022-3437"}, {"name": "[oss-security] 20230208 [vs] heimdal: CVE-2022-45142: signature validation failure", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/02/08/1"}, {"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-06"}, {"name": "GLSA-202310-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202310-06"}, {"name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-122 - Heap-based Buffer Overflow, CWE-787 - Out-of-bounds Write", "cweId": "CWE-122"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-3437", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T18:53:20.072020Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:samba:samba:4.15.11:*:*:*:*:*:*:*"], "vendor": "samba", "product": "samba", "versions": [{"status": "unknown", "version": "4.15.11"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:15:31.921Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DEC17A1-7D7E-438F-A7BF-6FA34AD63EC7", "versionEndExcluding": "4.15.11", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "6601140E-E676-40C8-9700-9B7F9ACEC63C", "versionEndExcluding": "4.16.6", "versionStartIncluding": "4.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CD07976-E402-4282-B52A-AC9A6FD27FB5", "versionEndExcluding": "4.17.2", "versionStartIncluding": "4.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de desbordamiento de b\u00fafer en Samba dentro de las rutinas GSSAPI unwrap_des() y unwrap_des3() de Heimdal. Las rutinas de descifrado DES y Triple-DES de la biblioteca GSSAPI de Heimdal permiten un desbordamiento del b\u00fafer de escritura de longitud limitada en la memoria asignada a malloc() cuando se presenta un paquete maliciosamente peque\u00f1o. Este fallo permite a un usuario remoto enviar datos maliciosos especialmente manipulados a la aplicaci\u00f3n, lo que puede provocar un ataque de denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2022-3437", "lastModified": "2024-04-22T16:15:12.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-12T15:15:10.083", "references": [{"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2023/02/08/1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-3437"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202309-06"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202310-06"}, {"source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2022-3437.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "secalert@redhat.com", "type": "Primary"}]}