CVE-2014-3493
CVSS V2 Low 2.7
CVSS V3 None
Description
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.
Overview
- CVE ID
- CVE-2014-3493
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2014-06-23T14:55:05
- Last Modified Date
- 2023-02-13T00:39:49
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.3:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.4:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.5:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.6:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.7:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.8:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.9:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:A/AC:L/Au:S/C:N/I:N/A:P
- Access Vector
- ADJACENT_NETWORK
- Access Compatibility
- LOW
- Authentication
- SINGLE
- Confidentiality Impact
- NONE
- Integrity Impact
- NONE
- Availability Impact
- PARTIAL
- Base Score
- 2.7
- Severity
- LOW
- Exploitability Score
- 5.1
- Impact Score
- 2.9
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2014-3493 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 18:35:06 | Added to TrackCVE | |||
2022-12-01 23:37:46 | 2014-06-23T14:55Z | 2014-06-23T14:55:05 | CVE Published Date | updated |
2022-12-01 23:37:46 | 2018-10-09T19:44:41 | CVE Modified Date | updated | |
2022-12-01 23:37:46 | Modified | Vulnerability Status | updated | |
2023-02-02 21:04:17 | 2023-02-02T20:17:10 | CVE Modified Date | updated | |
2023-02-02 21:04:18 | The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference. | It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash. | Description | updated |
2023-02-13 01:04:55 | 2023-02-13T00:39:49 | CVE Modified Date | updated | |
2023-02-13 01:04:56 | It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash. | The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference. | Description | updated |