← voltar
CVE-2025-9640

Samba: vfs_streams_xattr uninitialized memory write possible

CVSS 4.3 MEDIUMEPSS 0.4%CWE-908
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
sambaRed Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat OpenShift Container Platform 4

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/security/cve/CVE-2025-9640https://bugzilla.redhat.com/show_bug.cgi?id=2391698https://lists.debian.org/debian-lts-announce/2025/11/msg00027.htmlhttps://www.samba.org/samba/history/security.htmlhttp://www.openwall.com/lists/oss-security/2025/10/15/2http://www.openwall.com/lists/oss-security/2025/10/16/2