ALPINE-CVE-2019-14833 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2019-14833 PUBLISHED CVSS 5.400000095367432 MEDIUM

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

Risk Scores

CVSS v3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.20	samba	0, 3.2.11-r1, 3.2.8-r0
Alpine:v3.19	samba	4.8.8-r0, 4.8.7-r0, 4.8.5-r0
Alpine:v3.22	samba	4.1.13-r0, 3.5.6-r1, 3.5.9-r1
Alpine:v3.15	samba	3.3.7-r4, 4.8.8-r0, 4.8.7-r0
Alpine:v3.8	samba	4.2.1-r2, 4.2.1-r1, 4.2.1-r0
Alpine:v3.13	samba	3.2.10-r0, 4.2.3-r2, 4.2.3-r1
Alpine:v3.11	samba	3.5.6-r3, 4.1.0-r2, 4.1.17-r0
Alpine:v3.12	samba	0, 3.5.9-r0, 3.2.11-r0
Alpine:v3.9	samba	0, 4.8.8-r0, 4.8.7-r0
Alpine:v3.21	samba	4.5.3-r0, 4.8.8-r0, 4.8.7-r0
Alpine:v3.14	samba	4.7.6-r0, 3.2.10-r0, 3.2.11-r1
Alpine:v3.23	samba	4.1.8-r0, 3.2.10-r0, 3.2.11-r0
Alpine:v3.10	samba	3.6.12-r0, 4.7.0-r1, 4.7.0-r2
Alpine:v3.17	samba	4.8.2-r0, 4.8.2-r1, 4.8.4-r0
Alpine:v3.16	samba	4.8.8-r0, 4.6.5-r0, 4.6.1-r2
Alpine:v3.18	samba	4.8.8-r0, 3.4.7-r0, 3.4.5-r1

Timeline

Nov 6, 2019 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2019-14833 advisory

Open in Interactive Console →