QwikSec

Security Database

CVE

CWE

Training

CVE-2019-19344

Published: Jan 21, 2020

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

Vendor	Product	Versions
Red Hat	samba	affected `all samba 4.11.x versions before 4.11.5` affected `all samba 4.10.x versions before 4.10.12` affected `all samba 4.9.x versions before 4.9.18`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19344

https://www.samba.org/samba/security/CVE-2019-19344.html

https://security.netapp.com/advisory/ntap-20200122-0001/

https://www.synology.com/security/advisory/Synology_SA_20_01

vendor-advisory

openSUSE-SU-2020:0122

vendor-advisory

FEDORA-2020-6bd386c7eb

vendor-advisory

FEDORA-2020-f92cd0e72b

vendor-advisory

vendor-advisory

[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.