Vulnerability details: VCID-m9ne-ccbr-aaak
Vulnerability ID VCID-m9ne-ccbr-aaak
Aliases CVE-2022-3437
Summary A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3437.json
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2022-3437
epss 0.00501 https://api.first.org/data/v1/epss?cve=CVE-2022-3437
epss 0.00545 https://api.first.org/data/v1/epss?cve=CVE-2022-3437
epss 0.00768 https://api.first.org/data/v1/epss?cve=CVE-2022-3437
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2022-3437
epss 0.02174 https://api.first.org/data/v1/epss?cve=CVE-2022-3437
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3437
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3437
archlinux Unknown https://security.archlinux.org/AVG-2828
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3437.json
https://access.redhat.com/security/cve/CVE-2022-3437
https://api.first.org/data/v1/epss?cve=CVE-2022-3437
https://bugzilla.redhat.com/show_bug.cgi?id=2137774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4091
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
https://security.gentoo.org/glsa/202309-06
https://security.netapp.com/advisory/ntap-20230216-0008/
https://www.samba.org/samba/security/CVE-2022-3437.html
http://www.openwall.com/lists/oss-security/2023/02/08/1
1024187 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187
AVG-2828 https://security.archlinux.org/AVG-2828
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-3437 https://nvd.nist.gov/vuln/detail/CVE-2022-3437
GLSA-202310-06 https://security.gentoo.org/glsa/202310-06
USN-5800-1 https://usn.ubuntu.com/5800-1/
USN-5822-1 https://usn.ubuntu.com/5822-1/
USN-5936-1 https://usn.ubuntu.com/5936-1/
USN-7582-1 https://usn.ubuntu.com/7582-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3437.json
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): high; Availability Impact (A): low
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): high; Availability Impact (A): low
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3437
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Exploit Prediction Scoring System (EPSS)
Percentile 0.61669
EPSS Score 0.00431
Published At June 25, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.