{"api_version":"1","generated_at":"2026-04-23T00:42:09+00:00","cve":"CVE-2022-0336","urls":{"html":"https://cve.report/CVE-2022-0336","api":"https://cve.report/api/cve/CVE-2022-0336.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-0336","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-0336"},"summary":{"title":"CVE-2022-0336","description":"The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-08-29 15:15:00","updated_at":"2023-09-17 09:15:00"},"problem_types":["CWE-276"],"metrics":[],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2022-0336","name":"https://access.redhat.com/security/cve/CVE-2022-0336","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202309-06","name":"GLSA-202309-06","refsource":"GENTOO","tags":[],"title":"Samba: Multiple Vulnerabilities (GLSA 202309-06) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.samba.org/show_bug.cgi?id=14950","name":"https://bugzilla.samba.org/show_bug.cgi?id=14950","refsource":"MISC","tags":[],"title":"14950 – (CVE-2022-0336) CVE-2022-0336 [SECURITY] Re-adding an SPN skips subsequent SPN conflict checks","mime":"text/html","httpstatus":"200","archivestatus":"403"},{"url":"https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c","name":"https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c","refsource":"MISC","tags":[],"title":"CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is re-a… · samba-team/samba@1a5dc81 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400","name":"https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400","refsource":"MISC","tags":[],"title":"CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added… · samba-team/samba@c58ede4 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.samba.org/samba/security/CVE-2022-0336.html","name":"https://www.samba.org/samba/security/CVE-2022-0336.html","refsource":"MISC","tags":[],"title":"Samba - Security Announcement Archive","mime":"text/html","httpstatus":"200","archivestatus":"403"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2046134","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2046134","refsource":"MISC","tags":[],"title":"2046134 – (CVE-2022-0336) CVE-2022-0336 samba: Samba AD users with permission to write to an account can impersonate arbitrary services","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-0336","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0336","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"336","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"336","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"336","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-0336","qid":"179066","title":"Debian Security Update for samba (DSA 5071-1)"},{"cve":"CVE-2022-0336","qid":"179080","title":"Debian Security Update for samba (CVE-2022-0336)"},{"cve":"CVE-2022-0336","qid":"198651","title":"Ubuntu Security Notification for Samba Vulnerabilities (USN-5260-1)"},{"cve":"CVE-2022-0336","qid":"282312","title":"Fedora Security Update for samba (FEDORA-2022-50da406d40)"},{"cve":"CVE-2022-0336","qid":"282317","title":"Fedora Security Update for samba (FEDORA-2022-055efdd9dc)"},{"cve":"CVE-2022-0336","qid":"296057","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 44.113.4 Missing (bulletinapr2022)"},{"cve":"CVE-2022-0336","qid":"354310","title":"Amazon Linux Security Advisory for samba : ALAS2022-2022-022"},{"cve":"CVE-2022-0336","qid":"354496","title":"Amazon Linux Security Advisory for samba : ALAS2022-2022-224"},{"cve":"CVE-2022-0336","qid":"354550","title":"Amazon Linux Security Advisory for samba : ALAS-2022-224"},{"cve":"CVE-2022-0336","qid":"355336","title":"Amazon Linux Security Advisory for samba : ALAS2023-2023-032"},{"cve":"CVE-2022-0336","qid":"502620","title":"Alpine Linux Security Update for samba"},{"cve":"CVE-2022-0336","qid":"503810","title":"Alpine Linux Security Update for samba"},{"cve":"CVE-2022-0336","qid":"671442","title":"EulerOS Security Update for samba (EulerOS-SA-2022-1459)"},{"cve":"CVE-2022-0336","qid":"671468","title":"EulerOS Security Update for samba (EulerOS-SA-2022-1438)"},{"cve":"CVE-2022-0336","qid":"671569","title":"EulerOS Security Update for samba (EulerOS-SA-2022-1586)"},{"cve":"CVE-2022-0336","qid":"671623","title":"EulerOS Security Update for samba (EulerOS-SA-2022-1666)"},{"cve":"CVE-2022-0336","qid":"671635","title":"EulerOS Security Update for samba (EulerOS-SA-2022-1652)"},{"cve":"CVE-2022-0336","qid":"690784","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for samba (8579074c-839f-11ec-a3b2-005056a311d1)"},{"cve":"CVE-2022-0336","qid":"710751","title":"Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202309-06)"},{"cve":"CVE-2022-0336","qid":"751680","title":"OpenSUSE Security Update for samba (openSUSE-SU-2022:0283-1)"},{"cve":"CVE-2022-0336","qid":"751683","title":"SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:0323-1)"},{"cve":"CVE-2022-0336","qid":"751994","title":"SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:0283-1)"},{"cve":"CVE-2022-0336","qid":"903851","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for samba (10741)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-0336","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Samba","version":{"version_data":[{"version_value":"Affects Samba v4.0.0 and later, Fixed in samba v4.13.17, v4.14.12, v4.15.4."}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-276 - Incorrect Default Permissions"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.samba.org/samba/security/CVE-2022-0336.html","url":"https://www.samba.org/samba/security/CVE-2022-0336.html"},{"refsource":"MISC","name":"https://bugzilla.samba.org/show_bug.cgi?id=14950","url":"https://bugzilla.samba.org/show_bug.cgi?id=14950"},{"refsource":"MISC","name":"https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c","url":"https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c"},{"refsource":"MISC","name":"https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400","url":"https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400"},{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2046134","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2046134"},{"refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2022-0336","url":"https://access.redhat.com/security/cve/CVE-2022-0336"},{"refsource":"GENTOO","name":"GLSA-202309-06","url":"https://security.gentoo.org/glsa/202309-06"}]},"description":{"description_data":[{"lang":"eng","value":"The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity."}]}},"nvd":{"publishedDate":"2022-08-29 15:15:00","lastModifiedDate":"2023-09-17 09:15:00","problem_types":["CWE-276"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.0","versionEndExcluding":"4.14.12","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.15.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.13.17","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"336","Ordinal":"226738","Title":"CVE-2022-0336","CVE":"CVE-2022-0336","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"336","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}