Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-68mw-cr8k-qfgs
Vulnerability ID VCID-68mw-cr8k-qfgs
Aliases CVE-2015-5330
Summary ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-135 Incorrect Calculation of Multi-Byte String Length
System Score Found at
epss 0.01625 https://api.first.org/data/v1/epss?cve=CVE-2015-5330
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5330.json
https://api.first.org/data/v1/epss?cve=CVE-2015-5330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8467
1281326 https://bugzilla.redhat.com/show_bug.cgi?id=1281326
GLSA-201612-47 https://security.gentoo.org/glsa/201612-47
RHSA-2016:0006 https://access.redhat.com/errata/RHSA-2016:0006
RHSA-2016:0009 https://access.redhat.com/errata/RHSA-2016:0009
RHSA-2016:0010 https://access.redhat.com/errata/RHSA-2016:0010
RHSA-2016:0014 https://access.redhat.com/errata/RHSA-2016:0014
RHSA-2016:0015 https://access.redhat.com/errata/RHSA-2016:0015
RHSA-2016:0016 https://access.redhat.com/errata/RHSA-2016:0016
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.82196
EPSS Score 0.01625
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:39:58.290435+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0