CVE-2022-44640

Note

per upstream Samba, this vulnerability doesn't actually affect
Samba, but the code has been patched in case the API is used in
the future. See the following post:
https://bugzilla.samba.org/show_bug.cgi?id=14929#c15

Package	Release	Status
heimdal Launchpad, Ubuntu, Debian	bionic	Released (7.5.0+dfsg-1ubuntu0.3)
	focal	Released (7.7.0+dfsg-1ubuntu1.3)
	jammy	Needed
	kinetic	Ignored (end of life, was needed)
	lunar	Ignored (end of life, was needed)
	mantic	Needed
	trusty	Released (1.6~git20131207+dfsg-1ubuntu1.2+esm3) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	upstream	Released (7.7.1, 7.8, 7.8.git20221115.a6cf945+dfsg-1)
	xenial	Released (1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	Patches: upstream: https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e
	Binaries built from this source package are in Universe and so are supported by the community.
samba Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	focal	Not vulnerable
	jammy	Not vulnerable
	kinetic	Not vulnerable
	lunar	Not vulnerable
	mantic	Not vulnerable
	trusty	Not vulnerable
	upstream	Released (4.15.13,4.17.4,4.16.8)
	xenial	Not vulnerable
	Patches: upstream: https://git.samba.org/?p=samba.git;a=commit;h=b4c3ce6fb9b2aebbbe7d802ce48c691a9cabcf4f upstream: https://git.samba.org/?p=samba.git;a=commit;h=73c7c6ec9bc3a1993e766f119e9e29905ded5e28

Parameter	Value
Base score	9.8
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-44640

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading