Software Detail
Samba
Number of NVD: 211 (CRITICAL 7, HIGH 78, MEDIUM 108, LOW 18)
URL: https://www.samba.org/
Explanation: Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License; the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function either as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • Open source
  • GPL v3

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
31 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
32 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
33 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
34 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
35 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
36 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
37 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
38 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
39 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
40 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
41 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
42 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
43 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
44 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
45 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
46 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 5 31 48 1
47 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 6 34 53 6
48 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
49 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
50 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
51 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
52 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
53 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
54 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
55 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
56 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
57 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
58 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
59 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
60 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
61 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
62 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
31 5.4
-
MEDIUM
Network
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This is… CWE-416
 Use After Free
CVE-2022-32746 cpe:2.3:a:samba:samba:*:* 4.16.0
4.15.0
4.3.0




4.16.4
4.15.9
4.14.14
2024-11-21 16:06
2022-08-26
32 8.1
-
HIGH
Network
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. CWE-125
CWE-908
Out-of-bounds Read
 Use of Uninitialized Resource
CVE-2022-32745 cpe:2.3:a:samba:samba:*:* 4.16.0
4.13.14
4.15.2




4.16.4
4.14.14
4.15.9
2024-11-21 16:06
2022-08-26
33 8.8
-
HIGH
Network
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabl… CWE-290
 Authentication Bypass by Spoofing
CVE-2022-32744 cpe:2.3:a:samba:samba:*:* 4.16.0
4.15.0
4.3.0




4.16.4
4.15.9
4.14.14
2024-11-21 16:06
2022-08-26
34 4.3
-
MEDIUM
Network
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into… NVD-CWE-noinfo
CVE-2022-32742 cpe:2.3:a:samba:samba:*:*
4.16.0
4.15.0




4.14.14
4.16.4
4.15.9
2024-11-21 16:06
2022-08-26
35 8.8
-
HIGH
Network
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has bee… CWE-287
Improper Authentication
CVE-2022-2031 cpe:2.3:a:samba:samba:*:* 4.16.0
4.15.0




4.16.4
4.15.9
4.14.14
2024-11-21 16:00
2022-08-26
36 6.5
-
MEDIUM
Network
MaxQueryDuration not honoured in Samba AD DC LDAP NVD-CWE-noinfo
CVE-2021-3670 cpe:2.3:a:samba:samba:*:* 4.1.0 2024-11-21 15:22
2022-08-24
37 6.8
-
MEDIUM
Network
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of t… CWE-362
Race Condition
CVE-2021-20316 cpe:2.3:a:samba:samba:*:* 4.15.0 2024-11-21 14:46
2022-08-24
38 8.8
6.5
HIGH
Network
Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued ticket… CWE-20
 Improper Input Validation 
CVE-2020-25721 cpe:2.3:a:samba:samba:*:* 4.15.0
4.14.0
4.13.0




4.15.2
4.14.10
4.13.14
2024-11-21 14:18
2022-03-17
39 8.8
6.5
HIGH
Network
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sa… CWE-416
 Use After Free
CVE-2021-3738 cpe:2.3:a:samba:samba:*:* 4.15.0
4.14.0
4.0.0




4.15.2
4.14.10
4.13.14
2024-11-21 15:22
2022-03-3
40 7.5
5.0
HIGH
Network
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their … NVD-CWE-noinfo
CVE-2021-23192 cpe:2.3:a:samba:samba:*:* 4.15.0
4.14.0
4.10.0




4.15.2
4.14.10
4.13.14
2024-11-21 14:51
2022-03-3