VDB

ALPINE-CVE-2021-23192

ALPINE-CVE-2021-23192 PUBLISHED CVSS 7.5 HIGH

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Alpine:v3.20samba4.12.7-r0, 3.2.10-r0, 3.2.11-r0
Alpine:v3.22samba4.7.0-r0, 4.10.0, 0
Alpine:v3.21samba4.10.0, 3.2.10-r0, 3.2.11-r0
Alpine:v3.18samba4.7.0-r1, 0, 3.2.10-r0
Alpine:v3.19samba3.3.4-r0, 3.2.11-r0, 3.2.10-r0
Alpine:v3.15samba0, 3.2.10-r0, 3.2.11-r1
Alpine:v3.16samba0, 3.6.16-r0, 3.6.15-r0
Alpine:v3.23samba4.2.9-r0, 4.14.6-r0, 4.14.5-r0
Alpine:v3.14samba4.5.1-r0, 4.5.3-r0, 4.5.3-r1
Alpine:v3.17samba4.1.13-r0, 4.10.0, 0
Alpine:v3.13samba0, 0, 4.8.8-r0
Alpine:v3.24samba4.10.0, 0

Timeline

  • Mar 2, 2022 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jul 8, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›