Vulnerability CVE-2022-32742: Information

Description

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-32742
Published: Aug. 25, 2022
Modified: April 22, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
sambasisyphus4.15.9-alt14.20.1-alt2ALT-PU-2022-2322-1304593Fixed
sambasisyphus_e2k4.15.9-alt14.20.1-alt1ALT-PU-2022-5705-1-Fixed
sambasisyphus_riscv644.15.9-alt14.20.1-alt2ALT-PU-2022-5651-1-Fixed
sambap104.15.9-alt14.19.6-alt2ALT-PU-2022-2438-1302667Fixed
sambap10_e2k4.15.9-alt14.19.6-alt2ALT-PU-2022-5796-1-Fixed
sambac10f14.15.9-alt14.16.11-alt2ALT-PU-2022-2438-1302667Fixed
sambac9f24.14.14-alt0.c9.14.14.14-alt0.c9.1ALT-PU-2023-1616-1316738Fixed
sambap114.15.9-alt14.20.1-alt1ALT-PU-2022-2322-1304593Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.samba.org/samba/security/CVE-2022-32742.html
  • Vendor Advisory
GLSA-202309-06
    [debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update

        1. Configuration 1

          cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
          Start including
          4.16.0
          End excliding
          4.16.4
          cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
          Start including
          4.15.0
          End excliding
          4.15.9
          cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
          End excliding
          4.14.14
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.3
      Back to top