Search for vulnerabilities
Vulnerability details: VCID-xcmk-ewh6-aaak
Vulnerability ID VCID-xcmk-ewh6-aaak
Aliases CVE-2017-14746
Summary Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14746.html
rhas Important https://access.redhat.com/errata/RHSA-2017:3260
rhas Important https://access.redhat.com/errata/RHSA-2017:3261
rhas Important https://access.redhat.com/errata/RHSA-2017:3278
cvssv3 6.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14746.json
epss 0.36709 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.36709 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.36709 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.36709 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.36709 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.37808 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.38634 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.45168 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.45168 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.45168 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.77321 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.77321 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.77321 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.77321 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.77321 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.77321 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.77321 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.77321 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.77321 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.77321 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
epss 0.77321 https://api.first.org/data/v1/epss?cve=CVE-2017-14746
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1511899
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14746
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275
cvssv2 9.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-14746
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-14746
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-14746
archlinux High https://security.archlinux.org/AVG-535
generic_textual Medium https://ubuntu.com/security/notices/USN-3486-1
generic_textual Medium https://www.samba.org/samba/security/CVE-2017-14746.html
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14746.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14746.json
https://api.first.org/data/v1/epss?cve=CVE-2017-14746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/201805-07
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
https://ubuntu.com/security/notices/USN-3486-1
https://www.debian.org/security/2017/dsa-4043
https://www.samba.org/samba/security/CVE-2017-14746.html
https://www.synology.com/support/security/Synology_SA_17_72_Samba
http://www.securityfocus.com/bid/101907
http://www.securitytracker.com/id/1039856
http://www.ubuntu.com/usn/USN-3486-1
1511899 https://bugzilla.redhat.com/show_bug.cgi?id=1511899
ASA-201712-1 https://security.archlinux.org/ASA-201712-1
AVG-535 https://security.archlinux.org/AVG-535
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2017-14746 https://nvd.nist.gov/vuln/detail/CVE-2017-14746
RHSA-2017:3260 https://access.redhat.com/errata/RHSA-2017:3260
RHSA-2017:3261 https://access.redhat.com/errata/RHSA-2017:3261
RHSA-2017:3278 https://access.redhat.com/errata/RHSA-2017:3278
USN-3486-1 https://usn.ubuntu.com/3486-1/
No exploits are available.
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14746.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-14746
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-14746
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-14746
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.96926
EPSS Score 0.36709
Published At June 13, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.