CVE-2021-23192

Published: 9 November 2021

A flaw was found in the way Samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.

Notes

Author    Note
mdeslaur  affects 4.10.0 and later

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: samba (Launchpad, Ubuntu, Debian)

Release   Status
bionic    Not vulnerable (2:4.7.6+dfsg~ubuntu-0ubuntu2.24)
focal     Released (2:4.13.14+dfsg-0ubuntu0.20.04.1)
hirsute   Released (2:4.13.14+dfsg-0ubuntu0.21.04.1)
impish    Released (2:4.13.14+dfsg-0ubuntu0.21.10.1)
jammy     Released (2:4.13.14+dfsg-0ubuntu1)
trusty    Not vulnerable
upstream  Released (4.13.14)
xenial    Not vulnerable