CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

  • Published: Feb 21, 2022
  • Updated: Nov 8, 2023
  • CVE: CVE-2021-44142
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 9
  • AV:N/AC:L/Au:S/C:C/I:C/A:C

| Software | From | Fixed in |
|---|---|---|
| samba / samba | 4.15.0 | 4.15.5 |
| samba / samba | 4.14.0 | 4.14.12 |
| samba / samba | - | 4.13.17 |
| debian / debian_linux | 10.0 | 10.0.x |
| debian / debian_linux | 11.0 | 11.0.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 20.04 | 20.04.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 21.10 | 21.10.x |
| synology / diskstation_manager | 6.2 | 6.2.4-25556.4 |
| fedoraproject / fedora | 34 | 34.x |
| fedoraproject / fedora | 35 | 35.x |
| redhat / enterprise_linux_desktop | 7.0 | 7.0.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / enterprise_linux_for_scientific_computing | 7.0 | 7.0.x |
| redhat / enterprise_linux | 7.0 | 7.0.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / enterprise_linux_resilient_storage | 7.0 | 7.0.x |
| redhat / enterprise_linux_for_power_little_endian | 7.0 | 7.0.x |
| redhat / enterprise_linux_for_power_big_endian | 7.0 | 7.0.x |
| redhat / enterprise_linux_for_ibm_z_systems | 7.0 | 7.0.x |
| redhat / virtualization_host | 4.0 | 4.0.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| redhat / enterprise_linux_eus | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_tus | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_aus | 8.2 | 8.2.x |
| redhat / gluster_storage | 3.5 | 3.5.x |
| redhat / enterprise_linux_server | 8.1 | 8.1.x |
| redhat / enterprise_linux_server_tus | 8.4 | 8.4.x |
| redhat / enterprise_linux_eus | 8.4 | 8.4.x |
| redhat / enterprise_linux_server_aus | 8.4 | 8.4.x |
| redhat / enterprise_linux_server_update_services_for_sap_solutions | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_update_services_for_sap_solutions | 8.4 | 8.4.x |
| redhat / enterprise_linux_server_update_services_for_sap_solutions | 8.1 | 8.1.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 8.2 | 8.2.x |
| redhat / enterprise_linux_for_ibm_z_systems_eus | 8.2 | 8.2.x |
| redhat / enterprise_linux_for_power_little_endian | 8.0 | 8.0.x |
| redhat / enterprise_linux_for_ibm_z_systems_eus | 8.4 | 8.4.x |
| redhat / enterprise_linux_for_ibm_z_systems | 8.0 | 8.0.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 8.4 | 8.4.x |