Unrated severityNVD Advisory· Published Jul 20, 2023· Updated Nov 20, 2025

Samba: smb2 packet signing is not enforced when "server signing = required" is set

CVE-2023-3347

Description

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

Affected products

Red Hat/Enterprise Linuxcpe-rescue4 versions
cpe:/a:redhat:enterprise_linux:9::appstream+ 3 more
- cpe:/a:redhat:enterprise_linux:9::appstreamrange: 0:4.17.5-103.el9_2
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:8::baseosrange: 0:4.17.5-3.el8_8
Red Hat/Red Hat Storage 3v5
cpe:/a:redhat:storage:3
osv-coords38 versions
pkg:rpm/almalinux/ctdb pkg:rpm/almalinux/libnetapi pkg:rpm/almalinux/libnetapi-devel pkg:rpm/almalinux/libsmbclient pkg:rpm/almalinux/libsmbclient-devel pkg:rpm/almalinux/libwbclient pkg:rpm/almalinux/libwbclient-devel pkg:rpm/almalinux/python3-samba pkg:rpm/almalinux/python3-samba-dc pkg:rpm/almalinux/python3-samba-devel pkg:rpm/almalinux/python3-samba-test pkg:rpm/almalinux/samba pkg:rpm/almalinux/samba-client pkg:rpm/almalinux/samba-client-libs pkg:rpm/almalinux/samba-common pkg:rpm/almalinux/samba-common-libs pkg:rpm/almalinux/samba-common-tools pkg:rpm/almalinux/samba-dcerpc pkg:rpm/almalinux/samba-dc-libs pkg:rpm/almalinux/samba-devel pkg:rpm/almalinux/samba-krb5-printing pkg:rpm/almalinux/samba-ldb-ldap-modules pkg:rpm/almalinux/samba-libs pkg:rpm/almalinux/samba-pidl pkg:rpm/almalinux/samba-test pkg:rpm/almalinux/samba-test-libs pkg:rpm/almalinux/samba-tools pkg:rpm/almalinux/samba-usershares pkg:rpm/almalinux/samba-vfs-iouring pkg:rpm/almalinux/samba-winbind pkg:rpm/almalinux/samba-winbind-clients pkg:rpm/almalinux/samba-winbind-krb5-locator pkg:rpm/almalinux/samba-winbind-modules pkg:rpm/almalinux/samba-winexe pkg:rpm/opensuse/samba&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5 pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5
< 4.17.5-103.el9_2.alma+ 37 more
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.5-103.el9_2.alma
- (no CPE)range: < 4.17.9+git.367.dae41ffdd1f-150500.3.5.1
- (no CPE)range: < 4.18.5+git.313.c8e274c7852-1.1
- (no CPE)range: < 4.17.9+git.367.dae41ffdd1f-150500.3.5.1
- (no CPE)range: < 4.17.9+git.367.dae41ffdd1f-150500.3.5.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2023:4325mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2023:4328mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/security/cve/CVE-2023-3347mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
www.samba.org/samba/security/CVE-2023-3347.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000