Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-tyhs-5xjv-c7b5
Vulnerability ID VCID-tyhs-5xjv-c7b5
Aliases CVE-2015-3223
Summary The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
Status Published
Exploitability 0.5
Weighted Severity 0.2
Risk 0.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
System Score Found at
epss 0.20255 https://api.first.org/data/v1/epss?cve=CVE-2015-3223
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3223.json
https://api.first.org/data/v1/epss?cve=CVE-2015-3223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8467
1290287 https://bugzilla.redhat.com/show_bug.cgi?id=1290287
GLSA-201612-47 https://security.gentoo.org/glsa/201612-47
RHSA-2016:0009 https://access.redhat.com/errata/RHSA-2016:0009
RHSA-2016:0014 https://access.redhat.com/errata/RHSA-2016:0014
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.95629
EPSS Score 0.20255
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:39:58.276096+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0