CVE-2023-5568
Published: 25 October 2023
Summary
CVE-2023-5568 is a medium-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Samba. Its CVSS base score is 5.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 6.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
Deeper analysis
A heap-based buffer overflow vulnerability, tracked as CVE-2023-5568 and also associated with CWE-122 and CWE-787, affects the Samba file and print server software. The flaw permits a remote, authenticated attacker to trigger a denial of service condition. Its CVSS 3.1 score of 5.9 reflects high attack complexity and low required privileges.
An authenticated remote attacker can send specially crafted requests over the network to the affected Samba instance, resulting in memory corruption that crashes the service and disrupts availability while leaving confidentiality and most integrity properties intact.
Public advisories reference fixes included in Samba 4.19.2, and the Red Hat and Samba bug trackers document the issue and direct administrators to updated packages for mitigation.
The associated EPSS score reached a peak of 0.1224 with a current value of 0.1035, indicating moderate and relatively stable exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-57867
Vulnerability details
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Heap-based buffer overflow in Samba's Heimdal KDC enables remote authenticated attackers to crash the service, facilitating endpoint denial of service through application exploitation.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.