CVE-2022-32742

Name: CVE-2022-32742

Description: A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

NVD Severity: unknown

References

Type                 URI
MISC                 https://www.samba.org/samba/security/CVE-2022-32742.html
GENTOO               https://security.gentoo.org/glsa/202309-06
secalert@redhat.com  https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html

Match rules

CPE URI                                Source package  Min version  Max version
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*  samba           >= 4.16.0    < 4.16.4
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*  samba           >= 4.15.0    < 4.15.9
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*  samba           >= None      < 4.14.14

Vulnerable and fixed packages

Source package  Branch     Version     Maintainer                             Status
samba           3.13-main  4.13.17-r0  Natanael Copa <ncopa@alpinelinux.org>  possibly vulnerable
samba           3.14-main  4.14.14-r0  Natanael Copa <ncopa@alpinelinux.org>  fixed