rpm package

opensuse/samba&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed

Vulnerabilities (166)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-10230	Cri	10.0	< 4.22.5+git.431.dc5a539f124-1.1	4.22.5+git.431.dc5a539f124-1.1	Nov 7, 2025	A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the
CVE-2025-9640	Med	4.3	< 4.22.5+git.431.dc5a539f124-1.1	4.22.5+git.431.dc5a539f124-1.1	Oct 15, 2025	A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vuln
CVE-2025-0620		—	< 4.22.2+git.396.c752843dcf4-1.1	4.22.2+git.396.c752843dcf4-1.1	Jun 6, 2025	A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.
CVE-2023-4154		—	< 4.19.1+git.312.c912b3d2ef6-1.1	4.19.1+git.312.c912b3d2ef6-1.1	Nov 7, 2023	A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, inc
CVE-2023-42669		—	< 4.19.1+git.312.c912b3d2ef6-1.1	4.19.1+git.312.c912b3d2ef6-1.1	Nov 6, 2023	A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with on
CVE-2023-3961		—	< 4.19.1+git.312.c912b3d2ef6-1.1	4.19.1+git.312.c912b3d2ef6-1.1	Nov 3, 2023	A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, whic
CVE-2023-42670		—	< 4.19.1+git.312.c912b3d2ef6-1.1	4.19.1+git.312.c912b3d2ef6-1.1	Nov 3, 2023	A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for
CVE-2023-4091		—	< 4.19.1+git.312.c912b3d2ef6-1.1	4.19.1+git.312.c912b3d2ef6-1.1	Nov 3, 2023	A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client reque
CVE-2023-5568		—	< 4.19.2+git.322.7e9201cef5-1.1	4.19.2+git.322.7e9201cef5-1.1	Oct 24, 2023	A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
CVE-2023-34968		—	< 4.18.5+git.313.c8e274c7852-1.1	4.18.5+git.313.c8e274c7852-1.1	Jul 20, 2023	A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request
CVE-2023-34967		—	< 4.18.5+git.313.c8e274c7852-1.1	4.18.5+git.313.c8e274c7852-1.1	Jul 20, 2023	A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in th
CVE-2023-34966		—	< 4.18.5+git.313.c8e274c7852-1.1	4.18.5+git.313.c8e274c7852-1.1	Jul 20, 2023	An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements
CVE-2023-3347		—	< 4.18.5+git.313.c8e274c7852-1.1	4.18.5+git.313.c8e274c7852-1.1	Jul 20, 2023	A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to per
CVE-2022-2127		—	< 4.18.5+git.313.c8e274c7852-1.1	4.18.5+git.313.c8e274c7852-1.1	Jul 20, 2023	An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to
CVE-2023-0922		—	< 4.18.1+git.298.4ccf830b2a4-1.1	4.18.1+git.298.4ccf830b2a4-1.1	Apr 3, 2023	The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
CVE-2023-0614		—	< 4.18.1+git.298.4ccf830b2a4-1.1	4.18.1+git.298.4ccf830b2a4-1.1	Apr 3, 2023	The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
CVE-2023-0225		—	< 4.18.1+git.298.4ccf830b2a4-1.1	4.18.1+git.298.4ccf830b2a4-1.1	Apr 3, 2023	A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
CVE-2021-20251		—	< 4.17.1+git.270.17afe7cb6b-1.1	4.17.1+git.270.17afe7cb6b-1.1	Mar 6, 2023	A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.
CVE-2018-14628		—	< 4.19.4+git.339.acf1ccaa020-1.1	4.19.4+git.339.acf1ccaa020-1.1	Jan 17, 2023	An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
CVE-2022-3592		—	< 4.17.2+git.273.a55a83528b9-1.1	4.17.2+git.273.a55a83528b9-1.1	Jan 12, 2023	A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS t

CVE-2025-10230CriNov 7, 2025
affected < 4.22.5+git.431.dc5a539f124-1.1fixed 4.22.5+git.431.dc5a539f124-1.1
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the
CVE-2025-9640MedOct 15, 2025
affected < 4.22.5+git.431.dc5a539f124-1.1fixed 4.22.5+git.431.dc5a539f124-1.1
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vuln
CVE-2025-0620Jun 6, 2025
affected < 4.22.2+git.396.c752843dcf4-1.1fixed 4.22.2+git.396.c752843dcf4-1.1
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.
CVE-2023-4154Nov 7, 2023
affected < 4.19.1+git.312.c912b3d2ef6-1.1fixed 4.19.1+git.312.c912b3d2ef6-1.1
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, inc
CVE-2023-42669Nov 6, 2023
affected < 4.19.1+git.312.c912b3d2ef6-1.1fixed 4.19.1+git.312.c912b3d2ef6-1.1
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with on
CVE-2023-3961Nov 3, 2023
affected < 4.19.1+git.312.c912b3d2ef6-1.1fixed 4.19.1+git.312.c912b3d2ef6-1.1
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, whic
CVE-2023-42670Nov 3, 2023
affected < 4.19.1+git.312.c912b3d2ef6-1.1fixed 4.19.1+git.312.c912b3d2ef6-1.1
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for
CVE-2023-4091Nov 3, 2023
affected < 4.19.1+git.312.c912b3d2ef6-1.1fixed 4.19.1+git.312.c912b3d2ef6-1.1
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client reque
CVE-2023-5568Oct 24, 2023
affected < 4.19.2+git.322.7e9201cef5-1.1fixed 4.19.2+git.322.7e9201cef5-1.1
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
CVE-2023-34968Jul 20, 2023
affected < 4.18.5+git.313.c8e274c7852-1.1fixed 4.18.5+git.313.c8e274c7852-1.1
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request
CVE-2023-34967Jul 20, 2023
affected < 4.18.5+git.313.c8e274c7852-1.1fixed 4.18.5+git.313.c8e274c7852-1.1
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in th
CVE-2023-34966Jul 20, 2023
affected < 4.18.5+git.313.c8e274c7852-1.1fixed 4.18.5+git.313.c8e274c7852-1.1
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements
CVE-2023-3347Jul 20, 2023
affected < 4.18.5+git.313.c8e274c7852-1.1fixed 4.18.5+git.313.c8e274c7852-1.1
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to per
CVE-2022-2127Jul 20, 2023
affected < 4.18.5+git.313.c8e274c7852-1.1fixed 4.18.5+git.313.c8e274c7852-1.1
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to
CVE-2023-0922Apr 3, 2023
affected < 4.18.1+git.298.4ccf830b2a4-1.1fixed 4.18.1+git.298.4ccf830b2a4-1.1
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
CVE-2023-0614Apr 3, 2023
affected < 4.18.1+git.298.4ccf830b2a4-1.1fixed 4.18.1+git.298.4ccf830b2a4-1.1
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
CVE-2023-0225Apr 3, 2023
affected < 4.18.1+git.298.4ccf830b2a4-1.1fixed 4.18.1+git.298.4ccf830b2a4-1.1
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
CVE-2021-20251Mar 6, 2023
affected < 4.17.1+git.270.17afe7cb6b-1.1fixed 4.17.1+git.270.17afe7cb6b-1.1
A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.
CVE-2018-14628Jan 17, 2023
affected < 4.19.4+git.339.acf1ccaa020-1.1fixed 4.19.4+git.339.acf1ccaa020-1.1
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
CVE-2022-3592Jan 12, 2023
affected < 4.17.2+git.273.a55a83528b9-1.1fixed 4.17.2+git.273.a55a83528b9-1.1
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS t

Page 1 of 9