FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- buffer overflow in Heimdal unwrap_des3()

Affected packages
samba412 < 4.12.16
samba413 < 4.13.17_4
samba416 < 4.16.6

Details

VuXML ID: 1c5f3fd7-54bf-11ed-8d1e-005056a311d1
Discovery: 2022-08-02
Entry: 2022-10-25

The Samba Team reports:

The DES (for Samba 4.11 and earlier) and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet.

References

CVE Name: CVE-2022-3437
URL: https://www.samba.org/samba/security/CVE-2022-3437.html