CVE-2022-3592

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3592

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3592.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3592

Downstream

ALPINE-CVE-2022-3592

openSUSE-SU-2024:12454-1

Related

Published

2023-01-12T15:15:10Z

Modified

2025-10-10T04:07:41.461162Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.

References

Affected packages

Git / github.com/samba-team/samba

Affected ranges

Type: GIT
Repo: https://github.com/samba-team/samba
Events: Introduced

fbec737d9d3d992b54f52defcba62a304efef8f7

Fixed

21f995104c870cdfbdb0db61e290b2da8bc87ee1

Affected versions

samba-4.*

samba-4.17.0

samba-4.17.1