{"id":"CVE-2022-27239","details":"In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.","modified":"2026-04-16T04:30:45.294846469Z","published":"2022-04-27T14:15:09.203Z","related":["SUSE-SU-2022:1427-1","SUSE-SU-2022:1428-1","SUSE-SU-2022:1429-1","SUSE-SU-2022:1430-1","SUSE-SU-2022:14950-1","SUSE-SU-2022:14951-1","SUSE-SU-2022:2378-1","openSUSE-SU-2024:12087-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5157"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202311-05"},{"type":"ADVISORY","url":"http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba"},{"type":"REPORT","url":"https://bugzilla.samba.org/show_bug.cgi?id=15025"},{"type":"FIX","url":"https://bugzilla.suse.com/show_bug.cgi?id=1197216"},{"type":"FIX","url":"https://github.com/piastry/cifs-utils/pull/7"},{"type":"FIX","url":"https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/piastry/cifs-utils","events":[{"introduced":"0"},{"fixed":"58ca03f183b375cb723097a241bc2fc2254dab21"},{"introduced":"0"},{"last_affected":"f54e674a82fc00e574e1ebbc77ba5841d8342b6d"},{"introduced":"0"},{"last_affected":"00cb36de848a52a5aaa510a46a5bdd40a7417692"},{"introduced":"0"},{"last_affected":"316522036133d44ed02cd39ed2748e2b59c85b30"},{"introduced":"0"},{"last_affected":"0fae4c72aec14e5c9a6eaac244daa9965f292fea"},{"introduced":"0"},{"last_affected":"279b1648a661c5e38e7650da74551cff9322a4f9"},{"introduced":"0"},{"last_affected":"9e2c2536f5a49ff7385ff17f0866ef1489bed671"},{"introduced":"0"},{"last_affected":"e4593787a6488573fbec99e5ee604a2e25bc1e5c"},{"introduced":"0"},{"last_affected":"279b1648a661c5e38e7650da74551cff9322a4f9"},{"introduced":"0"},{"last_affected":"9e2c2536f5a49ff7385ff17f0866ef1489bed671"},{"introduced":"0"},{"last_affected":"e4593787a6488573fbec99e5ee604a2e25bc1e5c"},{"introduced":"0"},{"last_affected":"279b1648a661c5e38e7650da74551cff9322a4f9"},{"introduced":"0"},{"last_affected":"9e2c2536f5a49ff7385ff17f0866ef1489bed671"},{"introduced":"0"},{"last_affected":"e4593787a6488573fbec99e5ee604a2e25bc1e5c"},{"introduced":"0"},{"last_affected":"6dcc86dff3f9afd75e3ae906fad3c8c223efddaf"},{"introduced":"0"},{"last_affected":"6dcc86dff3f9afd75e3ae906fad3c8c223efddaf"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.15"},{"introduced":"0"},{"last_affected":"4.0"},{"introduced":"0"},{"last_affected":"6.0"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"7.1"},{"introduced":"0"},{"last_affected":"4.1"},{"introduced":"0"},{"last_affected":"4.2"},{"introduced":"0"},{"last_affected":"4.3"},{"introduced":"0"},{"last_affected":"4.1"},{"introduced":"0"},{"last_affected":"4.2"},{"introduced":"0"},{"last_affected":"4.3"},{"introduced":"0"},{"last_affected":"4.1"},{"introduced":"0"},{"last_affected":"4.2"},{"introduced":"0"},{"last_affected":"4.3"},{"introduced":"0"},{"last_affected":"5.2"},{"introduced":"0"},{"last_affected":"5.2"}]}}],"versions":["cifs-utils-4.0","cifs-utils-4.0a1","cifs-utils-4.0rc1","cifs-utils-4.1","cifs-utils-4.2","cifs-utils-4.3","cifs-utils-4.4","cifs-utils-4.5","cifs-utils-4.6","cifs-utils-4.7","cifs-utils-4.8","cifs-utils-4.8.1","cifs-utils-4.9","cifs-utils-5.0","cifs-utils-5.1","cifs-utils-5.2","cifs-utils-5.3","cifs-utils-5.4","cifs-utils-5.5","cifs-utils-5.6","cifs-utils-5.7","cifs-utils-5.8","cifs-utils-5.9","cifs-utils-6.0","cifs-utils-6.1","cifs-utils-6.10","cifs-utils-6.11","cifs-utils-6.12","cifs-utils-6.13","cifs-utils-6.14","cifs-utils-6.15","cifs-utils-6.2","cifs-utils-6.3","cifs-utils-6.4","cifs-utils-6.5","cifs-utils-6.6","cifs-utils-6.7","cifs-utils-6.8","cifs-utils-6.9","cifs-utils-7.0","cifs-utils-7.1","release-4-0a1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27239.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"15-sp4"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0-sp5"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp2"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp2"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp4"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp2"}]},{"events":[{"introduced":"0"},{"last_affected":"11-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"11-sp4"}]},{"events":[{"introduced":"0"},{"last_affected":"12-sp2"}]},{"events":[{"introduced":"0"},{"last_affected":"12-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"12-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"12-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"12-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"12-sp4"}]},{"events":[{"introduced":"0"},{"last_affected":"12-sp4"}]},{"events":[{"introduced":"0"},{"last_affected":"12-sp4"}]},{"events":[{"introduced":"0"},{"last_affected":"12-sp5"}]},{"events":[{"introduced":"0"},{"last_affected":"15"}]},{"events":[{"introduced":"0"},{"last_affected":"15-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"15-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"15-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"15-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"15-sp2"}]},{"events":[{"introduced":"0"},{"last_affected":"15-sp2"}]},{"events":[{"introduced":"0"},{"last_affected":"15-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"15-sp4"}]},{"events":[{"introduced":"0"},{"last_affected":"12-sp5"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}