CVE-2015-7540

high

Description

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.

References

Advisories
More

https://security.gentoo.org/glsa/201612-47

https://bugzilla.redhat.com/show_bug.cgi?id=1288451

http://www.ubuntu.com/usn/USN-2855-2

http://www.ubuntu.com/usn/USN-2855-1

http://www.securitytracker.com/id/1034492

http://www.securityfocus.com/bid/79736

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.debian.org/security/2016/dsa-3433

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html

https://www.samba.org/samba/security/CVE-2015-7540.html

https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=9d989c9dd7a5b92d0c5d65287935471b83b6e884

https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=530d50a1abdcdf4d1775652d4c456c1274d83d8d

Details

Source: Mitre, NVD

Published: 2015-12-29

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.16706