Your submission was sent successfully! Close

CVE-2021-23192

Published: 09 November 2021

Subsequent DCE/RPC fragment injection vulnerability. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.

Priority

Medium

Status

Package Release Status
samba
Launchpad, Ubuntu, Debian
Upstream
Released (4.13.14)
Ubuntu 21.10 (Impish Indri)
Released (2:4.13.14+dfsg-0ubuntu0.21.10.1)
Ubuntu 21.04 (Hirsute Hippo)
Released (2:4.13.14+dfsg-0ubuntu0.21.04.1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (2:4.13.14+dfsg-0ubuntu0.20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Needs triage