Vulnerability details: VCID-7xu2-vazv-aaak
Vulnerability ID VCID-7xu2-vazv-aaak
Aliases CVE-2021-44142
Summary The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Weaknesses (2)
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2022:0328
rhas Critical https://access.redhat.com/errata/RHSA-2022:0329
rhas Critical https://access.redhat.com/errata/RHSA-2022:0330
rhas Critical https://access.redhat.com/errata/RHSA-2022:0331
rhas Critical https://access.redhat.com/errata/RHSA-2022:0332
rhas Critical https://access.redhat.com/errata/RHSA-2022:0457
rhas Critical https://access.redhat.com/errata/RHSA-2022:0458
rhas Critical https://access.redhat.com/errata/RHSA-2022:0663
rhas Critical https://access.redhat.com/errata/RHSA-2022:0664
cvssv3 9.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44142.json
epss 0.15392 https://api.first.org/data/v1/epss?cve=CVE-2021-44142
epss 0.18046 https://api.first.org/data/v1/epss?cve=CVE-2021-44142
epss 0.22442 https://api.first.org/data/v1/epss?cve=CVE-2021-44142
epss 0.25135 https://api.first.org/data/v1/epss?cve=CVE-2021-44142
epss 0.25288 https://api.first.org/data/v1/epss?cve=CVE-2021-44142
epss 0.41196 https://api.first.org/data/v1/epss?cve=CVE-2021-44142
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=2046146
cvssv3.1 8.8 https://bugzilla.samba.org/show_bug.cgi?id=14914
ssvc Track https://bugzilla.samba.org/show_bug.cgi?id=14914
cvssv3.1 9.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://kb.cert.org/vuls/id/119678
ssvc Track https://kb.cert.org/vuls/id/119678
cvssv2 9.0 https://nvd.nist.gov/vuln/detail/CVE-2021-44142
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44142
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44142
archlinux Critical https://security.archlinux.org/AVG-2648
cvssv3.1 8.8 https://security.gentoo.org/glsa/202309-06
ssvc Track https://security.gentoo.org/glsa/202309-06
cvssv3.1 8.8 https://www.samba.org/samba/security/CVE-2021-44142.html
ssvc Track https://www.samba.org/samba/security/CVE-2021-44142.html
cvssv3.1 8.8 https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin
ssvc Track https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44142.json
https://api.first.org/data/v1/epss?cve=CVE-2021-44142
https://bugzilla.samba.org/show_bug.cgi?id=14914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0336
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://kb.cert.org/vuls/id/119678
https://security.gentoo.org/glsa/202309-06
https://www.kb.cert.org/vuls/id/119678
https://www.samba.org/samba/security/CVE-2021-44142.html
https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin
1004693 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004693
2046146 https://bugzilla.redhat.com/show_bug.cgi?id=2046146
AVG-2648 https://security.archlinux.org/AVG-2648
cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:gluster_storage:3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:gluster_storage:3.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2021-44142 https://nvd.nist.gov/vuln/detail/CVE-2021-44142
RHSA-2022:0328 https://access.redhat.com/errata/RHSA-2022:0328
RHSA-2022:0329 https://access.redhat.com/errata/RHSA-2022:0329
RHSA-2022:0330 https://access.redhat.com/errata/RHSA-2022:0330
RHSA-2022:0331 https://access.redhat.com/errata/RHSA-2022:0331
RHSA-2022:0332 https://access.redhat.com/errata/RHSA-2022:0332
RHSA-2022:0457 https://access.redhat.com/errata/RHSA-2022:0457
RHSA-2022:0458 https://access.redhat.com/errata/RHSA-2022:0458
RHSA-2022:0663 https://access.redhat.com/errata/RHSA-2022:0663
RHSA-2022:0664 https://access.redhat.com/errata/RHSA-2022:0664
USN-5260-1 https://usn.ubuntu.com/5260-1/
USN-5260-2 https://usn.ubuntu.com/5260-2/
USN-5260-3 https://usn.ubuntu.com/5260-3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44142.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low low none changed high high high
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.samba.org/show_bug.cgi?id=14914
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low low none unchanged high high high
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:30:59Z/ Found at https://bugzilla.samba.org/show_bug.cgi?id=14914
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low low none changed high high high
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://kb.cert.org/vuls/id/119678
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low low none unchanged high high high
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:30:59Z/ Found at https://kb.cert.org/vuls/id/119678
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2021-44142
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
not_defined network low single complete complete complete
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-44142
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low low none unchanged high high high
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-44142
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low low none unchanged high high high
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202309-06
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low low none unchanged high high high
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:30:59Z/ Found at https://security.gentoo.org/glsa/202309-06
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.samba.org/samba/security/CVE-2021-44142.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low low none unchanged high high high
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:30:59Z/ Found at https://www.samba.org/samba/security/CVE-2021-44142.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)
network low low none unchanged high high high
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:30:59Z/ Found at https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin
Exploit Prediction Scoring System (EPSS)
Percentile 0.94244
EPSS Score 0.15392
Published At May 11, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.