Search for vulnerabilities
Vulnerability details: VCID-eg82-ea7a-aaad
Vulnerability ID VCID-eg82-ea7a-aaad
Aliases CVE-2014-3560
Summary NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
generic_textual High http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3560.html
rhas Important https://access.redhat.com/errata/RHSA-2014:1008
rhas Important https://access.redhat.com/errata/RHSA-2014:1009
epss 0.37594 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.37594 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.37594 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.4146 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.48443 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.90286 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.90286 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.90286 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.90286 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.92973 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.92973 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.92973 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.92973 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.92973 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.92973 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.92973 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
epss 0.93392 https://api.first.org/data/v1/epss?cve=CVE-2014-3560
generic_textual High https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560
cvssv2 7.9 https://nvd.nist.gov/vuln/detail/CVE-2014-3560
generic_textual High https://ubuntu.com/security/notices/USN-2305-1
generic_textual High http://www.samba.org/samba/security/CVE-2014-3560
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3560.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3560.json
https://api.first.org/data/v1/epss?cve=CVE-2014-3560
https://bugzilla.redhat.com/show_bug.cgi?id=1126010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560
http://secunia.com/advisories/59583
http://secunia.com/advisories/59610
http://secunia.com/advisories/59976
https://exchange.xforce.ibmcloud.com/vulnerabilities/95081
https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605
https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2
https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630da3ba958c442438ea131c99fa088605
https://git.samba.org/?p=samba.git;a=commitdiff;h=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2
https://ubuntu.com/security/notices/USN-2305-1
http://www.samba.org/samba/security/CVE-2014-3560
http://www.securityfocus.com/bid/69021
http://www.securitytracker.com/id/1030663
http://www.ubuntu.com/usn/USN-2305-1
756759 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756759
cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
CVE-2014-3560 https://nvd.nist.gov/vuln/detail/CVE-2014-3560
RHSA-2014:1008 https://access.redhat.com/errata/RHSA-2014:1008
RHSA-2014:1009 https://access.redhat.com/errata/RHSA-2014:1009
USN-2305-1 https://usn.ubuntu.com/2305-1/
No exploits are available.
Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2014-3560
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.96878
EPSS Score 0.37594
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.