CVE-2021-23192
Summary
| CVE | CVE-2021-23192 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-02 23:15:00 UTC |
| Updated | 2023-09-17 09:15:00 UTC |
| Description | A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Samba: Multiple Vulnerabilities (GLSA 202309-06) — Gentoo security | GENTOO | security.gentoo.org | |
| 2019666 – (CVE-2021-23192) CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability | MISC | bugzilla.redhat.com | |
| Samba - Security Announcement Archive | MISC | www.samba.org | |
| CVE-2021-23192 | Ubuntu | MISC | ubuntu.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159551 Oracle Enterprise Linux Security Update for samba (ELSA-2021-5082)
- 178884 Debian Security Update for samba (DSA 5003-1)
- 183425 Debian Security Update for samba (CVE-2021-23192)
- 198583 Ubuntu Security Notification for Samba Vulnerability (USN-5142-1)
- 239912 Red Hat Update for samba (RHSA-2021:4843)
- 239961 Red Hat Update for samba (RHSA-2021:5082)
- 239984 Red Hat Update for samba (RHSA-2022:0008)
- 282091 Fedora Security Update for freeipa (FEDORA-2021-1d77047c61)
- 282156 Fedora Security Update for freeipa (FEDORA-2021-12af2614da)
- 296061 Oracle Solaris 11.4 Support Repository Update (SRU) 42.113.1 Missing (CPUJAN2022)
- 354310 Amazon Linux Security Advisory for samba : ALAS2022-2022-022
- 354496 Amazon Linux Security Advisory for samba : ALAS2022-2022-224
- 354550 Amazon Linux Security Advisory for samba : ALAS-2022-224
- 377403 Alibaba Cloud Linux Security Update for samba (ALINUX3-SA-2021:0077)
- 501490 Alpine Linux Security Update for samba
- 501779 Alpine Linux Security Update for samba
- 502027 Alpine Linux Security Update for samba
- 504394 Alpine Linux Security Update for samba
- 690244 Free Berkeley Software Distribution (FreeBSD) Security Update for samba (646923b0-41c7-11ec-a3b2-005056a311d1)
- 710751 Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202309-06)
- 751344 OpenSUSE Security Update for samba (openSUSE-SU-2021:3650-1)
- 751345 OpenSUSE Security Update for samba and ldb (openSUSE-SU-2021:3647-1)
- 751352 OpenSUSE Security Update for samba (openSUSE-SU-2021:1471-1)
- 751359 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2021:3649-1)
- 901014 Common Base Linux Mariner (CBL-Mariner) Security Update for samba (8903)
- 940212 AlmaLinux Security Update for samba (ALSA-2021:5082)
- 960801 Rocky Linux Security Update for samba (RLSA-2021:5082)