vulnerability

Ubuntu: (Multiple Advisories) (CVE-2018-16851): Samba vulnerabilities

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:P)

Published

Aug 14, 2018

Added

Dec 4, 2018

Modified

Mar 27, 2026

Description

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.

Solution

ubuntu-upgrade-samba

References

CVE-2018-16851
https://attackerkb.com/topics/CVE-2018-16851
CWE-476
DEBIAN-DSA-4345
EUVD-EUVD-2018-8645
NVD-CVE-2018-16851
UBUNTU-USN-3827-1
UBUNTU-USN-3827-2
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-8645

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report