How severe is CVE-2022-2127?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2022-2127?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2022-2127

MEDIUM Year: 2022

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-125

View all →

Vulnerability Description

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.

CVE-2014-2031

MEDIUM

CVSS:5.9(Medium)

Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging ...

CWE-1252014

CVE-2015-8984

MEDIUM

CVSS:5.9(Medium)

The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which trigg...

CWE-1252015

CVE-2016-1249

MEDIUM

CVSS:5.9(Medium)

The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned nu...

CWE-1252016

CVE-2016-2366

MEDIUM

CVSS:5.9(Medium)

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious ...

CWE-1252016

CVE-2016-2367

MEDIUM

CVSS:5.9(Medium)

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, ...

CWE-1252016

CVE-2016-2370

MEDIUM

CVSS:5.9(Medium)

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious...

CWE-1252016

CVE-2022-2127

Vulnerability Description

Related Vulnerabilities

CVE-2014-2031

CVE-2015-8984

CVE-2016-1249

CVE-2016-2366

CVE-2016-2367

CVE-2016-2370