CVE-2018-16852 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-16852 PUBLISHED CVSS 6.5 MEDIUM

Reported by redhat · Published November 28, 2018

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.

Risk Scores

CVSS v3.0

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
[UNKNOWN]	samba	4.9.3
[UNKNOWN]	samba	4.9.3

Timeline

Nov 28, 2018 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Mar 5, 2023 EPSS Score

References

x_refsource_CONFIRM
x_refsource_CONFIRM
x_refsource_CONFIRM
106024 vdb-entryx_refsource_BID
GLSA-202003-52 vendor-advisoryx_refsource_GENTOO

Open in Interactive Console →