CVE-2015-7540
7.5
HIGH
CVSS 3.1
EPSS 23.2%
Description
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.
How to fix CVE-2015-7540
To remediate CVE-2015-7540, upgrade the affected package to a fixed version below.
- Debian/samba—upgrade to 2:4.1.22+dfsg-1 or later
Is CVE-2015-7540 being exploited?
Moderate — EPSS is 23.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2:4.1.22+dfsg-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |