CVE-2015-3223

Source
https://nvd.nist.gov/vuln/detail/CVE-2015-3223
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-3223.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2015-3223
Related
Published
2015-12-29T22:59:00Z
Modified
2024-09-18T01:00:22Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

The ldbwildcardcompare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

References

Affected packages

Debian:11 / ldb

Package

Name
ldb
Purl
pkg:deb/debian/ldb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:1.1.24-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / samba

Package

Name
samba
Purl
pkg:deb/debian/samba?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.1.22+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / samba

Package

Name
samba
Purl
pkg:deb/debian/samba?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.1.22+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / samba

Package

Name
samba
Purl
pkg:deb/debian/samba?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.1.22+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}