Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-6y1r-n3tf-qbfy
Vulnerability ID VCID-6y1r-n3tf-qbfy
Aliases CVE-2013-4475
Summary Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
Status Published
Exploitability 0.5
Weighted Severity 0.1
Risk 0.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.06902 https://api.first.org/data/v1/epss?cve=CVE-2013-4475
epss 0.06902 https://api.first.org/data/v1/epss?cve=CVE-2013-4475
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4475.json
https://api.first.org/data/v1/epss?cve=CVE-2013-4475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475
1024542 https://bugzilla.redhat.com/show_bug.cgi?id=1024542
GLSA-201502-15 https://security.gentoo.org/glsa/201502-15
RHSA-2013:1806 https://access.redhat.com/errata/RHSA-2013:1806
RHSA-2014:0009 https://access.redhat.com/errata/RHSA-2014:0009
USN-2054-1 https://usn.ubuntu.com/2054-1/
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.91547
EPSS Score 0.06902
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:10:38.328134+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0