CVE-2022-3437 : samba - Buffer overflow in Heimdal unwrap_des3()
Versions Affected : All versions prior to TrueNAS Core 13.0-U3
Description
There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba).
Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client supplied data. The client cannot control the area of the server memory that is written to the file (or printer)
CVSS
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
Base score 5.9
Workaround
Disable Samba if in use.
Mitigation
- Upgrade to TrueNAS SCALE 13.0-U3