VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-x55t-cux2-q3gw

Vulnerability ID	VCID-x55t-cux2-q3gw
Aliases	CVE-2015-5252
Summary	vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
Status	Published
Exploitability	0.5
Weighted Severity	0.2
Risk	0.1
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-41

System	Score	Found at
epss	0.17333	https://api.first.org/data/v1/epss?cve=CVE-2015-5252
epss	0.17333	https://api.first.org/data/v1/epss?cve=CVE-2015-5252
cvssv2	6.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5252.json
		https://api.first.org/data/v1/epss?cve=CVE-2015-5252
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8467
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1290288		https://bugzilla.redhat.com/show_bug.cgi?id=1290288
GLSA-201612-47		https://security.gentoo.org/glsa/201612-47
RHSA-2016:0006		https://access.redhat.com/errata/RHSA-2016:0006
RHSA-2016:0010		https://access.redhat.com/errata/RHSA-2016:0010
RHSA-2016:0011		https://access.redhat.com/errata/RHSA-2016:0011
RHSA-2016:0015		https://access.redhat.com/errata/RHSA-2016:0015
RHSA-2016:0016		https://access.redhat.com/errata/RHSA-2016:0016
USN-2855-1		https://usn.ubuntu.com/2855-1/

No exploits are available.

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T17:10:38.888886+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0