Home

CVE-2015-3223

Description

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
19.022

Associated Vulnerability

VulnerabilityOS Platform
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_3.6.3-2ubuntu2.13_i386.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_3.6.3-2ubuntu2.13_amd64.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.13+dfsg-4ubuntu3.1_i386.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.13+dfsg-4ubuntu3.1_amd64.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.17+dfsg-4ubuntu2_i386.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.17+dfsg-4ubuntu3_i386.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.17+dfsg-4ubuntu2_amd64.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.17+dfsg-4ubuntu3_amd64.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.6+dfsg-1ubuntu2.14.04.11_i386.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.6+dfsg-1ubuntu2.14.04.11_amd64.debLinux
LDAP-like embedded database (USN-2856-1) libldb1_1.1.4-1ubuntu0.1_i386.debLinux
LDAP-like embedded database (USN-2856-1) libldb1_1.1.4-1ubuntu0.1_amd64.debLinux
LDAP-like embedded database (USN-2856-1) libldb1_1.1.18-1ubuntu0.1_i386.debLinux
LDAP-like embedded database (USN-2856-1) libldb1_1.1.18-1ubuntu0.1_amd64.debLinux
LDAP-like embedded database (USN-2856-1) libldb1_1.1.20-2_i386.debLinux
LDAP-like embedded database (USN-2856-1) libldb1_1.1.20-2_amd64.debLinux
samba regression update(DSA-3548-3) samba_4.2.10+dfsg-0+deb8u3_i386.debLinux
samba regression update(DSA-3548-3) samba_4.2.10+dfsg-0+deb8u3_amd64.debLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) ldb-debugsource-1.1.24-4.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libldb1-1.1.24-4.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libldb1-32bit-1.1.24-4.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libldb1-debuginfo-1.1.24-4.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libldb1-debuginfo-32bit-1.1.24-4.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtalloc2-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtalloc2-32bit-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtalloc2-debuginfo-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtalloc2-debuginfo-32bit-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtdb1-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtdb1-32bit-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtdb1-debuginfo-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtdb1-debuginfo-32bit-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtevent0-0.9.26-3.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtevent0-32bit-0.9.26-3.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtevent0-debuginfo-0.9.26-3.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtevent0-debuginfo-32bit-0.9.26-3.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) pytalloc-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) pytalloc-32bit-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) pytalloc-debuginfo-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) pytalloc-debuginfo-32bit-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) talloc-debugsource-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) tdb-debugsource-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Server 12 ) tdb-tools-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Server 12 ) tdb-tools-debuginfo-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) tevent-debugsource-0.9.26-3.3.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) ldb-debugsource-1.1.24-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libldb1-1.1.24-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libldb1-32bit-1.1.24-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libldb1-debuginfo-1.1.24-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libldb1-debuginfo-32bit-1.1.24-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtalloc2-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtalloc2-32bit-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtalloc2-debuginfo-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtalloc2-debuginfo-32bit-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtdb1-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtdb1-32bit-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtdb1-debuginfo-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtdb1-debuginfo-32bit-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtevent0-0.9.26-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtevent0-32bit-0.9.26-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtevent0-debuginfo-0.9.26-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtevent0-debuginfo-32bit-0.9.26-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) pytalloc-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) pytalloc-32bit-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) pytalloc-debuginfo-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) pytalloc-debuginfo-32bit-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) talloc-debugsource-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) tdb-debugsource-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Server 12-SP1 ) tdb-tools-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Server 12-SP1 ) tdb-tools-debuginfo-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) tevent-debugsource-0.9.26-4.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234