Unrated severityNVD Advisory· Published Jul 20, 2023· Updated Nov 20, 2025

Samba: out-of-bounds read in winbind auth_crap

CVE-2022-2127

Description

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.

Affected products

Red Hat/Red Hat Enterprise Linux 8v5
cpe:/a:redhat:enterprise_linux:8::crb
Range: 0:4.18.6-1.el8
Red Hat/Red Hat Enterprise Linux 9v5
cpe:/a:redhat:enterprise_linux:9::resilientstorage
Range: 0:4.18.6-100.el9
Red Hat/Red Hat Enterprise Linux 8.8 Extended Update Supportv5
cpe:/a:redhat:rhel_eus:8.8::crb
Range: 0:4.17.5-5.el8_8
Red Hat/Red Hat Storage 3v5
cpe:/a:redhat:storage:3
Red Hat/Red Hat Enterprise Linux 6v5
cpe:/o:redhat:enterprise_linux:6
Red Hat/Red Hat Enterprise Linux 7v5
cpe:/o:redhat:enterprise_linux:7
Red Hat/Red Hat Virtualization 4 for Red Hat Enterprise Linux 8v5
cpe:/o:redhat:rhev_hypervisor:4.4::el8
Range: 0:4.15.5-15.el8_6
osv-coords74 versions
pkg:rpm/almalinux/ctdb pkg:rpm/almalinux/libnetapi pkg:rpm/almalinux/libnetapi-devel pkg:rpm/almalinux/libsmbclient pkg:rpm/almalinux/libsmbclient-devel pkg:rpm/almalinux/libwbclient pkg:rpm/almalinux/libwbclient-devel pkg:rpm/almalinux/python3-samba pkg:rpm/almalinux/python3-samba-dc pkg:rpm/almalinux/python3-samba-devel pkg:rpm/almalinux/python3-samba-test pkg:rpm/almalinux/samba pkg:rpm/almalinux/samba-client pkg:rpm/almalinux/samba-client-libs pkg:rpm/almalinux/samba-common pkg:rpm/almalinux/samba-common-libs pkg:rpm/almalinux/samba-common-tools pkg:rpm/almalinux/samba-dcerpc pkg:rpm/almalinux/samba-dc-libs pkg:rpm/almalinux/samba-devel pkg:rpm/almalinux/samba-krb5-printing pkg:rpm/almalinux/samba-ldb-ldap-modules pkg:rpm/almalinux/samba-libs pkg:rpm/almalinux/samba-pidl pkg:rpm/almalinux/samba-test pkg:rpm/almalinux/samba-test-libs pkg:rpm/almalinux/samba-tools pkg:rpm/almalinux/samba-usershares pkg:rpm/almalinux/samba-vfs-iouring pkg:rpm/almalinux/samba-winbind pkg:rpm/almalinux/samba-winbind-clients pkg:rpm/almalinux/samba-winbind-krb5-locator pkg:rpm/almalinux/samba-winbind-modules pkg:rpm/almalinux/samba-winexe pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/samba&distro=SUSE%20Manager%20Proxy%204.2 pkg:rpm/suse/samba&distro=SUSE%20Manager%20Server%204.2 pkg:rpm/suse/samba&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/samba&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 4.18.6-100.el9+ 73 more
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.18.6-100.el9
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150400.3.28.1
- (no CPE)range: < 4.17.9+git.367.dae41ffdd1f-150500.3.5.1
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150400.3.28.1
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150400.3.28.1
- (no CPE)range: < 4.18.5+git.313.c8e274c7852-1.1
- (no CPE)range: < 4.11.14+git.396.91f4f677472-150200.4.52.5
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150300.3.57.5
- (no CPE)range: < 4.6.16+git.393.97432483687-3.81.1
- (no CPE)range: < 4.15.13+git.621.c8ae836ff82-3.85.1
- (no CPE)range: < 4.9.5+git.564.996810ca1e3-150100.3.82.3
- (no CPE)range: < 4.11.14+git.396.91f4f677472-150200.4.52.5
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150300.3.57.5
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150400.3.28.1
- (no CPE)range: < 4.17.9+git.367.dae41ffdd1f-150500.3.5.1
- (no CPE)range: < 4.9.5+git.564.996810ca1e3-150100.3.82.3
- (no CPE)range: < 4.11.14+git.396.91f4f677472-150200.4.52.5
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150300.3.57.5
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150300.3.57.5
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150300.3.57.5
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150400.3.28.1
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150400.3.28.1
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150400.3.28.1
- (no CPE)range: < 4.17.9+git.367.dae41ffdd1f-150500.3.5.1
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150300.3.57.5
- (no CPE)range: < 4.6.16+git.393.97432483687-3.81.1
- (no CPE)range: < 4.6.16+git.393.97432483687-3.81.1
- (no CPE)range: < 4.15.13+git.621.c8ae836ff82-3.85.1
- (no CPE)range: < 4.9.5+git.564.996810ca1e3-150100.3.82.3
- (no CPE)range: < 4.11.14+git.396.91f4f677472-150200.4.52.5
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150300.3.57.5
- (no CPE)range: < 4.6.16+git.393.97432483687-3.81.1
- (no CPE)range: < 4.15.13+git.621.c8ae836ff82-3.85.1
- (no CPE)range: < 4.9.5+git.564.996810ca1e3-150100.3.82.3
- (no CPE)range: < 4.11.14+git.396.91f4f677472-150200.4.52.5
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150300.3.57.5
- (no CPE)range: < 4.15.13+git.621.c8ae836ff82-3.85.1
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150300.3.57.5
- (no CPE)range: < 4.15.13+git.663.9c654e06cdb-150300.3.57.5
- (no CPE)range: < 4.6.16+git.393.97432483687-3.81.1
- (no CPE)range: < 4.6.16+git.393.97432483687-3.81.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2023:6667mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2023:7139mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:0423mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:0580mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/security/cve/CVE-2022-2127mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
www.samba.org/samba/security/CVE-2022-2127.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000