CVE-2018-10858
moderate-risk
Published 2018-08-22
A heap-buffer overflow was found in the way Samba clients processed extra-long filenames in a directory listing. A malicious Samba server could use this flaw to cause arbitrary code execution on a Samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
Do I need to act?
5.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 4.3/10
Medium
Attack vector: NETWORK / LOW attack complexity
Affected Products (10)
References (26)
Third Party Advisory
http://www.securityfocus.com/bid/105085
Third Party Advisory
http://www.securitytracker.com/id/1042002
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2612
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2613
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3056
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3470
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10858
Third Party Advisory
https://security.netapp.com/advisory/ntap-20180814-0001/
Third Party Advisory
https://usn.ubuntu.com/3738-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4271
Vendor Advisory
https://www.samba.org/samba/security/CVE-2018-10858.html
43 / 100
moderate-risk
Severity
18/34 · Moderate
Exploitability
9/34 · Low
Exposure
16/34 · Moderate