CVE-2016-0771

Description

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.

How to fix CVE-2016-0771

To remediate CVE-2016-0771, upgrade the affected package to a fixed version below.

Debian/samba—upgrade to 2:4.3.6+dfsg-1 or later

Is CVE-2016-0771 being exploited?

Moderate — EPSS is 5.7%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 2:4.3.6+dfsg-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.9	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2016-0771