CVE-2022-32745
Publication date 27 July 2022
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.
Status
Package | Ubuntu Release | Status |
---|---|---|
samba | 24.10 oracular |
Fixed 2:4.16.4+dfsg-2ubuntu1
|
24.04 LTS noble |
Fixed 2:4.16.4+dfsg-2ubuntu1
|
|
22.04 LTS jammy |
Fixed 2:4.15.9+dfsg-0ubuntu0.2
|
|
20.04 LTS focal |
Fixed 2:4.13.17~dfsg-0ubuntu1.20.04.1
|
|
18.04 LTS bionic | Ignored | |
16.04 LTS xenial |
Needs evaluation
|
|
14.04 LTS trusty | Ignored end of ESM support, was needs-triage |
Notes
mdeslaur
combined patches are in bug 15096 Fixing this in Ubuntu 18.04 LTS would require substantial code backports. We will not be fixing this issue in Ubuntu 18.04 LTS. In environments where this is of concern, we recommend updating to a more recent Ubuntu version.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.1 · High |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-5542-1
- Samba vulnerabilities
- 1 August 2022