{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-57632", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-09-25T19:59:50.500Z", "dateReserved": "2025-08-17T00:00:00.000Z", "datePublished": "2025-09-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-09-25T19:59:50.500Z"}, "descriptions": [{"lang": "en", "value": "libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256). An attacker can craft responses with many chained PDUs to overflow v->niov and perform heap out-of-bounds writes, causing memory corruption, crashes, and potentially arbitrary code execution. The SMB2_OPLOCK_BREAK path bypasses message ID validation."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/sahlberg/libsmb2"}, {"url": "https://github.com/sahlberg/libsmb2/blob/master/lib/compat.c#L569"}, {"url": "https://gist.github.com/ZjW1nd/0b95b63307ceee7890e88e4abc6f041e"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.1"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256). An attacker can craft responses with many chained PDUs to overflow v->niov and perform heap out-of-bounds writes, causing memory corruption, crashes, and potentially arbitrary code execution. The SMB2_OPLOCK_BREAK path bypasses message ID validation."}], "id": "CVE-2025-57632", "lastModified": "2025-09-25T20:15:35.237", "metrics": {}, "published": "2025-09-25T20:15:35.237", "references": [{"source": "cve@mitre.org", "url": "https://gist.github.com/ZjW1nd/0b95b63307ceee7890e88e4abc6f041e"}, {"source": "cve@mitre.org", "url": "https://github.com/sahlberg/libsmb2"}, {"source": "cve@mitre.org", "url": "https://github.com/sahlberg/libsmb2/blob/master/lib/compat.c#L569"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{}