{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-23192", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T19:05:55.765Z", "dateReserved": "2021-10-20T00:00:00", "datePublished": "2022-03-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-17T08:06:37.021661"}, "descriptions": [{"lang": "en", "value": "A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements."}], "affected": [{"vendor": "n/a", "product": "samba", "versions": [{"version": "Affects samba v4.10.0 to 4.15.1, Fixed in samba v4.15.2, v4.14.10 and v4.13.14.", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019666"}, {"url": "https://www.samba.org/samba/security/CVE-2021-23192.html"}, {"url": "https://ubuntu.com/security/CVE-2021-23192"}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-06"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-20 - Improper Input Validation.", "cweId": "CWE-20"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:05:55.765Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019666", "tags": ["x_transferred"]}, {"url": "https://www.samba.org/samba/security/CVE-2021-23192.html", "tags": ["x_transferred"]}, {"url": "https://ubuntu.com/security/CVE-2021-23192", "tags": ["x_transferred"]}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202309-06"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "080C2937-B3B7-4246-B2E7-D5F714BCD724", "versionEndExcluding": "4.13.14", "versionStartIncluding": "4.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2BD5F53-14DC-4BBF-8E5D-A1DBD24B5F02", "versionEndExcluding": "4.14.10", "versionStartIncluding": "4.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F33C9B3-33EE-431B-93CF-B738D05BBD0A", "versionEndExcluding": "4.15.2", "versionStartIncluding": "4.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements."}, {"lang": "es", "value": "Se ha encontrado un fallo en la forma en que samba implementa DCE/RPC. Si un cliente a un servidor Samba enviaba una petici\u00f3n DCE/RPC muy grande, y eleg\u00eda fragmentarla, un atacante pod\u00eda reemplazar los fragmentos posteriores con sus propios datos, omitiendo los requisitos de firma"}], "id": "CVE-2021-23192", "lastModified": "2023-09-17T09:15:09.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-02T23:15:08.403", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019666"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202309-06"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/CVE-2021-23192"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2021-23192.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Stefan Metzmacher (SerNet) for reporting this issue. Upstream acknowledges the Samba project as the original reporter.", "affected_release": [{"advisory": "RHSA-2021:5082", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "samba-0:4.14.5-7.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5082", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "samba-0:4.14.5-7.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2022:0008", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "samba-0:4.13.3-8.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-01-04T00:00:00Z"}, {"advisory": "RHSA-2021:4843", "cpe": "cpe:/a:redhat:storage:3.5:samba:el8", "package": "samba-0:4.14.5-204.el8rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 8", "release_date": "2021-11-29T00:00:00Z"}], "bugzilla": {"description": "samba: Subsequent DCE/RPC fragment injection vulnerability", "id": "2019666", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019666"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "status": "verified"}, "details": ["A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.", "A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements."], "mitigation": {"lang": "en:us", "value": "Setting \n~~~\ndcesrv:max auth states=0\n~~~\nin the smb.conf will provide some mitigation against this issue."}, "name": "CVE-2021-23192", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-11-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-23192\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23192\nhttps://www.samba.org/samba/security/CVE-2021-23192.html"], "threat_severity": "Moderate", "upstream_fix": "samba 4.15.2, samba 4.14.10, samba 4.13.14"}