CVE-2015-3223
MEDIUM5.3EPSS 20.3%samba - security update
Published: 12/29/2015Modified: 4/28/2026
Description
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
Affected packages (3)
- Debian/ldbfrom 0, < 2:1.1.24-1
- Debian/sambafrom 0, < 2:4.1.22+dfsg-1
- Debian/sambafrom 0, < 2:3.6.6-6+deb7u6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |