CVE-2022-44640

Note

per upstream Samba, this vulnerability doesn't actually affect
Samba, but the code has been patched in case the API is used in
the future. See the following post:
https://bugzilla.samba.org/show_bug.cgi?id=14929#c15

Package	Release	Status
heimdal Launchpad, Ubuntu, Debian	jammy	Needed
	kinetic	Ignored (end of life, was needed)
	lunar	Needed
	upstream	Released (7.7.1, 7.8, 7.8.git20221115.a6cf945+dfsg-1)
	xenial	Released (1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	bionic	Released (7.5.0+dfsg-1ubuntu0.3)
	focal	Released (7.7.0+dfsg-1ubuntu1.3)
	trusty	Released (1.6~git20131207+dfsg-1ubuntu1.2+esm3) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	Patches: upstream: https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e (heimdal-7.7.1)
	Binaries built from this source package are in Universe and so are supported by the community.
samba Launchpad, Ubuntu, Debian	trusty	Not vulnerable
	xenial	Not vulnerable
	bionic	Not vulnerable
	focal	Not vulnerable
	jammy	Not vulnerable
	kinetic	Not vulnerable
	upstream	Released (4.15.13,4.17.4,4.16.8)
	lunar	Not vulnerable
	Patches: upstream: https://git.samba.org/?p=samba.git;a=commit;h=b4c3ce6fb9b2aebbbe7d802ce48c691a9cabcf4f (4.15) upstream: https://git.samba.org/?p=samba.git;a=commit;h=73c7c6ec9bc3a1993e766f119e9e29905ded5e28 (4.15)

Parameter	Value
Base score	9.8
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Security

CVE-2022-44640

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading