vulnerability

Debian: CVE-2018-16851: samba -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:N/A:P)	Aug 14, 2018	Nov 28, 2018	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:P)

Published

Aug 14, 2018

Added

Nov 28, 2018

Modified

Mar 30, 2026

Description

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.

Solution

debian-upgrade-samba

References

CVE-2018-16851
https://attackerkb.com/topics/CVE-2018-16851
CWE-476
DEBIAN-DSA-4345
EUVD-EUVD-2018-8645
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-8645

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report