CVE-2012-0817

Severity CVSS v4.0:

Pending analysis

Type:

CWE-200 Information Leak / Disclosure

Publication date:

30/01/2012

Last modified:

11/04/2025

Description

Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:N/I:N/A:P CVSS v2.0 Severity and Metrics:

Base Score: 5.00 MEDIUM
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Physical

Base Score 2.0

5.00

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:samba:samba:3.6.0:::::::*
cpe:2.3:a:samba:samba:3.6.1:::::::*
cpe:2.3:a:samba:samba:3.6.2:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://lists.fedoraproject.org/pipermail/package-announce/2012-February/072930.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html
http://secunia.com/advisories/47763
http://secunia.com/advisories/48879
http://www.samba.org/samba/history/samba-3.6.3.html
http://www.samba.org/samba/security/CVE-2012-0817
http://lists.fedoraproject.org/pipermail/package-announce/2012-February/072930.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html
http://secunia.com/advisories/47763
http://secunia.com/advisories/48879
http://www.samba.org/samba/history/samba-3.6.3.html
http://www.samba.org/samba/security/CVE-2012-0817