CVE-2021-44142

Advisory lineage Upstream: 0 Downstream: 27

Downstream

ALPINE-CVE-2021-44142 DEBIAN-CVE-2021-44142 DSA-5071-1 MGASA-2022-0054 OPENSUSE-SU-2022:0283-1 OPENSUSE-SU-2024:11807-1

Modified

Published: 21 Feb 2022, 14:30

Last modified:23 Apr 2025, 19:02

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9 HIGH

v2.0 (nvd)

EPSS Score

35.7% HIGH

36% probability +9.90%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Feb 2022, 14:30

Published

Vulnerability first disclosed

23 Apr 2025, 19:02

Last Modified

Vulnerability information updated

Description

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

CVSS Metrics

v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
v2.0•HIGH•Score: 9AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 35.70%• Percentile: 97%

Techniques & Countermeasures

CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

canonical•ubuntu_linux
14.04 | 16.04 | 18.04 | 20.04 | 21.10
debian•debian_linux
10.0 | 11.0
fedoraproject•fedora
34 | 35
redhat•codeready_linux_builder
na
redhat•enterprise_linux
7.0 | 8.0
redhat•enterprise_linux_desktop
7.0
redhat•enterprise_linux_eus
8.2 | 8.4
redhat•enterprise_linux_for_ibm_z_systems
7.0 | 8.0
redhat•enterprise_linux_for_ibm_z_systems_eus
8.2 | 8.4
redhat•enterprise_linux_for_power_big_endian
7.0
redhat•enterprise_linux_for_power_little_endian
7.0 | 8.0
redhat•enterprise_linux_for_power_little_endian_eus
8.2 | 8.4
redhat•enterprise_linux_for_scientific_computing
7.0
redhat•enterprise_linux_resilient_storage
7.0
redhat•enterprise_linux_server
7.0 | 8.1
redhat•enterprise_linux_server_aus
8.2 | 8.4
redhat•enterprise_linux_server_tus
8.2 | 8.4
redhat•enterprise_linux_server_update_services_for_sap_solutions
8.1 | 8.2 | 8.4
redhat•enterprise_linux_workstation
7.0
redhat•gluster_storage
3.5
redhat•virtualization_host
4.0
samba•samba
≥ unspecified, < 4.13.17 | ≥ unspecified, < 4.14.12 | ≥ unspecified, < 4.15.5 | < 4.13.17 | ≥ 4.14.0, < 4.14.12 | ≥ 4.15.0, < 4.15.5
synology•diskstation_manager
≥ 6.2, < 6.2.4-25556.4