Unrated severityNVD Advisory· Published Sep 1, 2022· Updated Aug 3, 2024

CVE-2022-1615

Description

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.

Affected products

Samba/Sambadescription
osv-coords91 versions
pkg:apk/chainguard/libauth-samba pkg:apk/chainguard/libsmbclient pkg:apk/chainguard/libwbclient pkg:apk/chainguard/py3.13-samba pkg:apk/chainguard/samba pkg:apk/chainguard/samba-client pkg:apk/chainguard/samba-common pkg:apk/chainguard/samba-common-server-libs pkg:apk/chainguard/samba-common-tools pkg:apk/chainguard/samba-dev pkg:apk/chainguard/samba-libnss-winbind pkg:apk/chainguard/samba-libs pkg:apk/chainguard/samba-libs-py3 pkg:apk/chainguard/samba-pam-winbind pkg:apk/chainguard/samba-server pkg:apk/chainguard/samba-server-libs pkg:apk/chainguard/samba-test pkg:apk/chainguard/samba-util-libs pkg:apk/chainguard/samba-winbind-clients pkg:apk/chainguard/samba-winbind-krb5-locator pkg:apk/chainguard/winbind pkg:apk/wolfi/libauth-samba pkg:apk/wolfi/libsmbclient pkg:apk/wolfi/libwbclient pkg:apk/wolfi/py3.13-samba pkg:apk/wolfi/samba pkg:apk/wolfi/samba-client pkg:apk/wolfi/samba-common pkg:apk/wolfi/samba-common-server-libs pkg:apk/wolfi/samba-common-tools pkg:apk/wolfi/samba-dev pkg:apk/wolfi/samba-libnss-winbind pkg:apk/wolfi/samba-libs pkg:apk/wolfi/samba-libs-py3 pkg:apk/wolfi/samba-pam-winbind pkg:apk/wolfi/samba-server pkg:apk/wolfi/samba-server-libs pkg:apk/wolfi/samba-test pkg:apk/wolfi/samba-util-libs pkg:apk/wolfi/samba-winbind-clients pkg:apk/wolfi/samba-winbind-krb5-locator pkg:apk/wolfi/winbind pkg:rpm/almalinux/ctdb pkg:rpm/almalinux/libnetapi pkg:rpm/almalinux/libnetapi-devel pkg:rpm/almalinux/libsmbclient pkg:rpm/almalinux/libsmbclient-devel pkg:rpm/almalinux/libwbclient pkg:rpm/almalinux/libwbclient-devel pkg:rpm/almalinux/python3-samba pkg:rpm/almalinux/python3-samba-dc pkg:rpm/almalinux/python3-samba-devel pkg:rpm/almalinux/python3-samba-test pkg:rpm/almalinux/samba pkg:rpm/almalinux/samba-client pkg:rpm/almalinux/samba-client-libs pkg:rpm/almalinux/samba-common pkg:rpm/almalinux/samba-common-libs pkg:rpm/almalinux/samba-common-tools pkg:rpm/almalinux/samba-dcerpc pkg:rpm/almalinux/samba-dc-libs pkg:rpm/almalinux/samba-devel pkg:rpm/almalinux/samba-krb5-printing pkg:rpm/almalinux/samba-ldb-ldap-modules pkg:rpm/almalinux/samba-libs pkg:rpm/almalinux/samba-pidl pkg:rpm/almalinux/samba-test pkg:rpm/almalinux/samba-test-libs pkg:rpm/almalinux/samba-tools pkg:rpm/almalinux/samba-usershares pkg:rpm/almalinux/samba-vfs-iouring pkg:rpm/almalinux/samba-winbind pkg:rpm/almalinux/samba-winbind-clients pkg:rpm/almalinux/samba-winbind-krb5-locator pkg:rpm/almalinux/samba-winbind-modules pkg:rpm/almalinux/samba-winexe pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%20Micro%205.2 pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 4.23.2-r0+ 90 more
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.23.2-r0
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.17.5-102.el9
- (no CPE)range: < 4.15.8+git.527.8d0c05d313e-150300.3.40.2
- (no CPE)range: < 4.15.8+git.527.8d0c05d313e-150400.3.14.1
- (no CPE)range: < 4.15.8+git.527.8d0c05d313e-150300.3.40.2
- (no CPE)range: < 4.13.13+git.554.0742ec9cb74-150200.3.18.2
- (no CPE)range: < 4.15.8+git.527.8d0c05d313e-150300.3.40.2
- (no CPE)range: < 4.15.8+git.473.1a1018e0a0b-3.71.2
- (no CPE)range: < 4.15.8+git.527.8d0c05d313e-150300.3.40.2
- (no CPE)range: < 4.15.8+git.527.8d0c05d313e-150400.3.14.1
- (no CPE)range: < 4.15.8+git.527.8d0c05d313e-150300.3.40.2
- (no CPE)range: < 4.15.8+git.527.8d0c05d313e-150300.3.40.2
- (no CPE)range: < 4.15.8+git.527.8d0c05d313e-150400.3.14.1
- (no CPE)range: < 4.15.8+git.527.8d0c05d313e-150300.3.40.2
- (no CPE)range: < 4.15.8+git.473.1a1018e0a0b-3.71.2
- (no CPE)range: < 4.15.8+git.473.1a1018e0a0b-3.71.2
- (no CPE)range: < 4.15.8+git.473.1a1018e0a0b-3.71.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTTOLTHUHOV4SHCHCB5TAA4FQVJAWN4P/mitrevendor-advisory
security.gentoo.org/glsa/202309-06mitrevendor-advisory
bugzilla.samba.org/show_bug.cgimitre
gitlab.com/samba-team/samba/-/merge_requests/2644mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000