VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-yt92-mfwy-z7er

Vulnerability ID	VCID-yt92-mfwy-z7er
Aliases	CVE-2016-2112
Summary	The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
Status	Published
Exploitability	0.5
Weighted Severity	0.1
Risk	0.1
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-300

System	Score	Found at
epss	0.16609	https://api.first.org/data/v1/epss?cve=CVE-2016-2112
epss	0.16609	https://api.first.org/data/v1/epss?cve=CVE-2016-2112
cvssv2	4.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2112.json
		https://api.first.org/data/v1/epss?cve=CVE-2016-2112
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1311903		https://bugzilla.redhat.com/show_bug.cgi?id=1311903
GLSA-201612-47		https://security.gentoo.org/glsa/201612-47
RHSA-2016:0611		https://access.redhat.com/errata/RHSA-2016:0611
RHSA-2016:0612		https://access.redhat.com/errata/RHSA-2016:0612
RHSA-2016:0613		https://access.redhat.com/errata/RHSA-2016:0613
RHSA-2016:0614		https://access.redhat.com/errata/RHSA-2016:0614
RHSA-2016:0618		https://access.redhat.com/errata/RHSA-2016:0618
RHSA-2016:0619		https://access.redhat.com/errata/RHSA-2016:0619
RHSA-2016:0620		https://access.redhat.com/errata/RHSA-2016:0620
RHSA-2016:0624		https://access.redhat.com/errata/RHSA-2016:0624
USN-2950-1		https://usn.ubuntu.com/2950-1/

No exploits are available.

Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T17:10:39.384093+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0