9
CVE-2021-44142
- EPSS 28.45%
- Published 21.02.2022 15:15:07
- Last modified 23.04.2025 19:15:51
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
Data is provided by the National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version10.0
Debian ≫ Debian Linux Version11.0
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version21.10
Synology ≫ Diskstation Manager Version >= 6.2 < 6.2.4-25556.4
Fedoraproject ≫ Fedora Version34
Fedoraproject ≫ Fedora Version35
Redhat ≫ Codeready Linux Builder Version-
Redhat ≫ Gluster Storage Version3.5
Redhat ≫ Virtualization Host Version4.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Eus Version8.2
Redhat ≫ Enterprise Linux Eus Version8.4
Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0
Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.2
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.4
Redhat ≫ Enterprise Linux For Power Big Endian Version7.0
Redhat ≫ Enterprise Linux For Power Little Endian Version7.0
Redhat ≫ Enterprise Linux For Power Little Endian Version8.0
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.2
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4
Redhat ≫ Enterprise Linux For Scientific Computing Version7.0
Redhat ≫ Enterprise Linux Resilient Storage Version7.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Version8.1
Redhat ≫ Enterprise Linux Server Aus Version8.2
Redhat ≫ Enterprise Linux Server Aus Version8.4
Redhat ≫ Enterprise Linux Server Tus Version8.2
Redhat ≫ Enterprise Linux Server Tus Version8.4
Redhat ≫ Enterprise Linux Workstation Version7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 28.45% | 0.964 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.