{"id":"CVE-2022-3437","details":"A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc()-allocated memory when presented with a maliciously small packet. This flaw allows a remote user with low privileges (CVSS PR:L) to send specially crafted data to the application, possibly resulting in a denial of service (DoS) attack.","modified":"2026-04-16T04:38:15.276270790Z","published":"2023-01-12T15:15:10.083Z","related":["SUSE-SU-2022:4395-1","SUSE-SU-2023:0081-1","SUSE-SU-2023:0160-1","openSUSE-SU-2023:0019-1","openSUSE-SU-2023:0020-1","openSUSE-SU-2024:12454-1","openSUSE-SU-2024:12580-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/02/08/1"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"},{"type":"ADVISORY","url":"https://www.samba.org/samba/security/CVE-2022-3437.html"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2022-3437"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202309-06"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202310-06"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230216-0008/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2137774"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/samba-team/samba","events":[{"introduced":"df33344d8eb40221d60c99931690703a11d91bc2"},{"fixed":"37595203ef30b1a631b94075328f8d0d604e6e71"},{"introduced":"e95d85f784ae6b19f2cb42cc9039b60b146e5b69"},{"fixed":"dc74e56c03d3aa95ec6b2e44f9ff3b22ee1e380b"},{"introduced":"fbec737d9d3d992b54f52defcba62a304efef8f7"},{"fixed":"21f995104c870cdfbdb0db61e290b2da8bc87ee1"}],"database_specific":{"versions":[{"introduced":"4.0.0"},{"fixed":"4.15.11"},{"introduced":"4.16.0"},{"fixed":"4.16.6"},{"introduced":"4.17.0"},{
"fixed":"4.17.2"}]}}],"versions":["ldb-2.5.1","ldb-2.5.2","samba-4.16.0","samba-4.16.1","samba-4.16.2","samba-4.16.3","samba-4.16.4","samba-4.16.5","samba-4.17.0","samba-4.17.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3437.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}