vulnerability

Samba CVE-2022-3437: CVE-2022-3437 and CVE-2022-3592. Please see announcements for details.

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Jan 12, 2023	Jan 12, 2023	Jun 3, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Jan 12, 2023

Added

Jan 12, 2023

Modified

Jun 3, 2026

Description

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

Solutions

samba-upgrade-4_15_11samba-upgrade-4_16_6samba-upgrade-4_17_2

References

CVE-2022-3437
https://attackerkb.com/topics/CVE-2022-3437
https://www.samba.org/samba/security/CVE-2022-3437.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-42813
CWE-122
EUVD-EUVD-2022-42813

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report