ALPINE-CVE-2019-10218
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 06 Nov 2019, 10:15
Last modified:03 Dec 2025, 22:43
Vulnerability Summary
Overall Risk (default)
medium
26/100 CVSS Score
6.5 MEDIUM
3.1 (osv_alpine)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
06 Nov 2019, 10:15
Published
Vulnerability first disclosed
03 Dec 2025, 22:43
Last Modified
Vulnerability information updated
Description
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Systems
- alpine•samba
< 4.10.10-r0 | < 4.11.2-r0 | < 4.11.2-r0 | < 4.11.2-r0 | < 4.11.2-r0 | < 4.11.2-r0 | < 4.11.2-r0 | < 4.11.2-r0 | < 4.11.2-r0 | < 4.11.2-r0 | < 4.11.2-r0 | < 4.11.2-r0 | < 4.11.2-r0 | < 4.11.2-r0 | < 4.8.12-r1 | < 4.8.12-r1