VulnerableCode Package Details - pkg:alpm/archlinux/samba@4.17.5-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4y3f-523m-aaak	Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).	CVE-2022-45141
VCID-djmc-t9ae-aaap	Netlogon RPC Elevation of Privilege Vulnerability.	CVE-2022-38023
VCID-m9ne-ccbr-aaak	A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.	CVE-2022-3437
VCID-qr91-uuuy-aaas	PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."	CVE-2022-42898
VCID-vpyw-hewy-aaap	Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.	CVE-2022-37966
VCID-x7df-8cm1-aaaj	Windows Kerberos Elevation of Privilege Vulnerability.	CVE-2022-37967
VCID-xkcz-7qfm-aaab	A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772.	CVE-2022-3492

Vulnerability

Summary

Aliases

VCID-4y3f-523m-aaak

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

CVE-2022-45141

VCID-djmc-t9ae-aaap

Netlogon RPC Elevation of Privilege Vulnerability.

CVE-2022-38023

VCID-m9ne-ccbr-aaak

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

CVE-2022-3437

VCID-qr91-uuuy-aaas

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

CVE-2022-42898

VCID-vpyw-hewy-aaap

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.

CVE-2022-37966

VCID-x7df-8cm1-aaaj

Windows Kerberos Elevation of Privilege Vulnerability.

CVE-2022-37967

VCID-xkcz-7qfm-aaab

A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772.

CVE-2022-3492

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:44:00.668116+00:00	Arch Linux Importer	Fixing	VCID-m9ne-ccbr-aaak	https://security.archlinux.org/AVG-2828	36.0.0
2025-03-28T07:44:00.637260+00:00	Arch Linux Importer	Fixing	VCID-xkcz-7qfm-aaab	https://security.archlinux.org/AVG-2828	36.0.0
2025-03-28T07:44:00.605792+00:00	Arch Linux Importer	Fixing	VCID-vpyw-hewy-aaap	https://security.archlinux.org/AVG-2828	36.0.0
2025-03-28T07:44:00.576958+00:00	Arch Linux Importer	Fixing	VCID-x7df-8cm1-aaaj	https://security.archlinux.org/AVG-2828	36.0.0
2025-03-28T07:44:00.546364+00:00	Arch Linux Importer	Fixing	VCID-djmc-t9ae-aaap	https://security.archlinux.org/AVG-2828	36.0.0
2025-03-28T07:44:00.517905+00:00	Arch Linux Importer	Fixing	VCID-qr91-uuuy-aaas	https://security.archlinux.org/AVG-2828	36.0.0
2025-03-28T07:44:00.490161+00:00	Arch Linux Importer	Fixing	VCID-4y3f-523m-aaak	https://security.archlinux.org/AVG-2828	36.0.0
2024-09-18T01:59:09.019114+00:00	Arch Linux Importer	Fixing	VCID-m9ne-ccbr-aaak	https://security.archlinux.org/AVG-2828	34.0.1
2024-09-18T01:59:08.997458+00:00	Arch Linux Importer	Fixing	VCID-xkcz-7qfm-aaab	https://security.archlinux.org/AVG-2828	34.0.1
2024-09-18T01:59:08.974498+00:00	Arch Linux Importer	Fixing	VCID-vpyw-hewy-aaap	https://security.archlinux.org/AVG-2828	34.0.1
2024-09-18T01:59:08.949471+00:00	Arch Linux Importer	Fixing	VCID-x7df-8cm1-aaaj	https://security.archlinux.org/AVG-2828	34.0.1
2024-09-18T01:59:08.924831+00:00	Arch Linux Importer	Fixing	VCID-djmc-t9ae-aaap	https://security.archlinux.org/AVG-2828	34.0.1
2024-09-18T01:59:08.899773+00:00	Arch Linux Importer	Fixing	VCID-qr91-uuuy-aaas	https://security.archlinux.org/AVG-2828	34.0.1
2024-09-18T01:59:08.874846+00:00	Arch Linux Importer	Fixing	VCID-4y3f-523m-aaak	https://security.archlinux.org/AVG-2828	34.0.1
2024-01-03T22:25:26.913279+00:00	Arch Linux Importer	Fixing	VCID-m9ne-ccbr-aaak	https://security.archlinux.org/AVG-2828	34.0.0rc1
2024-01-03T22:25:26.891083+00:00	Arch Linux Importer	Fixing	VCID-xkcz-7qfm-aaab	https://security.archlinux.org/AVG-2828	34.0.0rc1
2024-01-03T22:25:26.869294+00:00	Arch Linux Importer	Fixing	VCID-vpyw-hewy-aaap	https://security.archlinux.org/AVG-2828	34.0.0rc1
2024-01-03T22:25:26.845527+00:00	Arch Linux Importer	Fixing	VCID-x7df-8cm1-aaaj	https://security.archlinux.org/AVG-2828	34.0.0rc1
2024-01-03T22:25:26.823906+00:00	Arch Linux Importer	Fixing	VCID-djmc-t9ae-aaap	https://security.archlinux.org/AVG-2828	34.0.0rc1
2024-01-03T22:25:26.802275+00:00	Arch Linux Importer	Fixing	VCID-qr91-uuuy-aaas	https://security.archlinux.org/AVG-2828	34.0.0rc1
2024-01-03T22:25:26.782130+00:00	Arch Linux Importer	Fixing	VCID-4y3f-523m-aaak	https://security.archlinux.org/AVG-2828	34.0.0rc1

2025-03-28T07:44:00.668116+00:00

Arch Linux Importer

Fixing