CVE-2015-3223

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-3223

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2015-3223.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2015-3223

Downstream

DEBIAN-CVE-2015-3223

DSA-3433-1

RHSA-2016:0009

RHSA-2016:0014

SUSE-SU-2015:2304-1

SUSE-SU-2015:2305-1

UBUNTU-CVE-2015-3223

USN-2855-1

USN-2856-1

openSUSE-SU-2024:10069-1

openSUSE-SU-2024:10074-1

Related

Published

2015-12-29T22:59:00Z

Modified

2025-08-09T20:01:27Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

The ldbwildcardcompare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

References

Affected packages