CVE-2022-3592
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/01/2023
Last modified:
08/04/2025
Description
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 4.17.0 (including) | 4.17.2 (excluding) |
| cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://access.redhat.com/security/cve/CVE-2022-3592
- https://bugzilla.redhat.com/show_bug.cgi?id=2137776
- https://security.gentoo.org/glsa/202309-06
- https://www.samba.org/samba/security/CVE-2022-3592.html
- https://access.redhat.com/security/cve/CVE-2022-3592
- https://bugzilla.redhat.com/show_bug.cgi?id=2137776
- https://security.gentoo.org/glsa/202309-06
- https://www.samba.org/samba/security/CVE-2022-3592.html