Search for vulnerabilities
Vulnerability details: VCID-yswq-c3u2-jkdq
Vulnerability ID VCID-yswq-c3u2-jkdq
Aliases CVE-2018-16852
Summary Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-476 NULL Pointer Dereference
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16852.json
epss 0.06629 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06629 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06629 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06629 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06629 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06629 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
epss 0.06747 https://api.first.org/data/v1/epss?cve=CVE-2018-16852
cvssv3 4.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 3.5 https://nvd.nist.gov/vuln/detail/CVE-2018-16852
cvssv3 4.4 https://nvd.nist.gov/vuln/detail/CVE-2018-16852
archlinux High https://security.archlinux.org/AVG-823
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16852.json
https://api.first.org/data/v1/epss?cve=CVE-2018-16852
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16852
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.netapp.com/advisory/ntap-20181127-0001/
https://www.samba.org/samba/security/CVE-2018-16852.html
http://www.securityfocus.com/bid/106024
1646386 https://bugzilla.redhat.com/show_bug.cgi?id=1646386
ASA-201811-22 https://security.archlinux.org/ASA-201811-22
AVG-823 https://security.archlinux.org/AVG-823
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
CVE-2018-16852 https://nvd.nist.gov/vuln/detail/CVE-2018-16852
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16852.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-16852
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-16852
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.90832
EPSS Score 0.06629
Published At Sept. 13, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:58:59.704820+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2018-16852 37.0.0