CVE-2022-32742

Public on 2022-08-25

Modified on 2024-01-30

Description

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

Severity

Medium

See what this means

CVSS v3 Base Score

4.3

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	samba	2022-12-01 17:33	ALAS-2022-1642
Amazon Linux 2 - Core	samba	2023-07-20 17:29	ALAS2-2023-2166
Amazon Linux 2023	samba	2023-02-17 20:44	ALAS2023-2023-032

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
NVD	CVSSv3	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

Red Hat: CVE-2022-32742 Mitre: CVE-2022-32742 FAQs regarding Amazon Linux ALAS/CVE Severity