UBUNTU-CVE-2018-10858

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2018-10858

Downstream

USN-3738-1

Published: 14 Aug 2018, 00:00

Last modified:22 Apr 2026, 11:40

Vulnerability Summary

Overall Risk (default)

low

17/100

CVSS Score

4.3 MEDIUM

3.0 (osv_ubuntu)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 Aug 2018, 00:00

Published

Vulnerability first disclosed

22 Apr 2026, 11:40

Last Modified

Vulnerability information updated

Description

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

CVSS Metrics

v3.0•MEDIUM•Score: 4.3CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Affected Systems

ubuntu•samba
< 2:4.3.11+dfsg-0ubuntu0.14.04.16 | < 2:4.3.11+dfsg-0ubuntu0.16.04.15 | < 2:4.7.6+dfsg~ubuntu-0ubuntu2.2

References (4)

https://ubuntu.com/security/CVE-2018-10858
https://www.samba.org/samba/security/CVE-2018-10858.html
https://ubuntu.com/security/notices/USN-3738-1
https://www.cve.org/CVERecord?id=CVE-2018-10858