CVE-2021-23192 - AskarLabs CVE Database

CVE-2021-23192

Vendor N/A

Product samba

Weakness CWE-20 · Input validation

Published March 2, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.

Key dates

02Disclosure timeline

March 2, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-23192 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

04Related CVE

CVE-2020-25626 CVE-2020-3601 Cisco StarOS Privilege Escalation Vulnerability CVE-2022-29257 Electron's AutoUpdater module fails to validate certain nested components of the bundle CVE-2022-3388 Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products CVE-2023-25927 IBM Security Verify Access denial of service