CVE-2022-2127
Samba: out-of-bounds read in winbind auth_crap
CVSS Score
5.9
EPSS Score
0.0%
EPSS Percentile
0th
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.
| CWE | CWE-125 |
| Vendor | red hat |
| Product | red hat enterprise linux 8 |
| Published | Jul 20, 2023 |
| Last Updated | Nov 20, 2025 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat enterprise linux 8
Be the first to know when new medium vulnerabilities affecting red hat red hat enterprise linux 8 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected Red Hat / Red Hat Storage 3
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6667 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7139 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0423 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0580 access.redhat.com: https://access.redhat.com/security/cve/CVE-2022-2127 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2222791 samba.org: https://www.samba.org/samba/security/CVE-2022-2127.html lists.debian.org: https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/ security.netapp.com: https://security.netapp.com/advisory/ntap-20230731-0010/ debian.org: https://www.debian.org/security/2023/dsa-5477