{ "schema_version": "1.4.0", "id": "GHSA-r5pq-r3w3-76q7", "modified": "2025-04-12T12:55:18Z", "published": "2022-05-17T03:11:50Z", "aliases": [ "CVE-2015-5330" ], "details": "ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5330" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281326" }, { "type": "WEB", "url": "https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=0454b95657846fcecf0f51b6f1194faac02518bd" }, { "type": "WEB", "url": "https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=538d305de91e34a2938f5f219f18bf0e1918763f" }, { "type": "WEB", "url": "https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72" }, { "type": "WEB", "url": "https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=a118d4220ed85749c07fb43c1229d9e2fecbea6b" }, { "type": "WEB", "url": "https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=ba5dbda6d0174a59d221c45cca52ecd232820d48" }, { "type": "WEB", "url": "https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=f36cb71c330a52106e36028b3029d952257baf15" }, { "type": "WEB", "url": "https://git.samba.org/?p=samba.git;a=commit;h=0454b95657846fcecf0f51b6f1194faac02518bd" }, { "type": "WEB", "url": "https://git.samba.org/?p=samba.git;a=commit;h=538d305de91e34a2938f5f219f18bf0e1918763f" }, { "type": "WEB", "url": "https://git.samba.org/?p=samba.git;a=commit;h=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72" }, { "type": "WEB", "url": "https://git.samba.org/?p=samba.git;a=commit;h=a118d4220ed85749c07fb43c1229d9e2fecbea6b" }, { "type": "WEB", "url": "https://git.samba.org/?p=samba.git;a=commit;h=ba5dbda6d0174a59d221c45cca52ecd232820d48" }, { "type": "WEB", "url": "https://git.samba.org/?p=samba.git;a=commit;h=f36cb71c330a52106e36028b3029d952257baf15" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201612-47" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2015-5330.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" }, { "type": "WEB", "url": "http://www.debian.org/security/2016/dsa-3433" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/79734" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1034493" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/USN-2855-1" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/USN-2855-2" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/USN-2856-1" } ], "database_specific": { "cwe_ids": [ "CWE-200" ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2015-12-29T22:59:00Z" } }