CVE-2021-3671
Advisory lineage Upstream: 0 Downstream: 12
Modified
Published: 12 Oct 2021, 00:00
Last modified:03 Aug 2024, 17:01
Vulnerability Summary
Overall Risk (default)
medium
27/100 CVSS Score
6.5 MEDIUM
v3.1 (nvd)
EPSS Score
5.14% LOW
5% probability +3.66%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
12 Oct 2021, 00:00
Published
Vulnerability first disclosed
03 Aug 2024, 17:01
Last Modified
Vulnerability information updated
Description
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 5.14%• Percentile: 90%
Techniques & Countermeasures
- CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Systems
- debian•debian_linux
10.0 | 11.0
- netapp•management_services_for_element_software
na
- netapp•management_services_for_netapp_hci
na
- netapp•ontap_select_deploy_administration_utility
na
- samba•samba
< 4.13.12 | ≥ 4.14.0, < 4.14.8
References (7)
- https://bugzilla.redhat.com/show_bug.cgi?id=2013080%2C
- https://bugzilla.samba.org/show_bug.cgi?id=14770%2C
- https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
- https://www.debian.org/security/2022/dsa-5287
- https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html
- https://security.netapp.com/advisory/ntap-20221215-0002/
- https://security.netapp.com/advisory/ntap-20230216-0008/