Unrated severityNVD Advisory· Published Jan 12, 2023· Updated Apr 8, 2025

CVE-2022-3592

Description

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.

Affected products

Samba/Sambadescription
osv-coords
pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed
Range: < 4.17.2+git.273.a55a83528b9-1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202309-06mitrevendor-advisory
access.redhat.com/security/cve/CVE-2022-3592mitre
bugzilla.redhat.com/show_bug.cgimitre
www.samba.org/samba/security/CVE-2022-3592.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000