What is CVE-2019-19344?

CVE-2019-19344 is a medium-severity vulnerability in Samba, classified under Use After Free. CVSS score: 6.5/10. Published 2020-01-21.

How severe is CVE-2019-19344?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Use After Free in Samba

CVE-2019-19344

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point…

Vulnerability class: Use-After-Free

EPSS: 0.031 (85.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Samba
Synology Directory_server
Synology Diskstation_manager — versions 6.2
Synology Router_manager — versions 1.2
Synology Skynas
Canonical Ubuntu_linux — versions 16.04, 18.04, 19.04
Opensuse Leap — versions 15.1
Red Hat Samba — versions all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12, all samba 4.9.x versions before 4.9.18

Weakness classification (CWE)

CWE-416 — Use After Free

References

secalert@redhat.com (Third Party Advisory, Issue Tracking)
secalert@redhat.com (Vendor Advisory)
secalert@redhat.com (Third Party Advisory)
secalert@redhat.com (Third Party Advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory)
secalert@redhat.com (vendor-advisory)
secalert@redhat.com (vendor-advisory)
secalert@redhat.com (vendor-advisory)
secalert@redhat.com (mailing-list)

Frequently asked questions

What is CVE-2019-19344?: CVE-2019-19344 is a medium-severity vulnerability in Samba, classified under Use After Free. CVSS score: 6.5/10. Published 2020-01-21.
How severe is CVE-2019-19344?: Medium severity. CVSS v3 base score is 6.5 out of 10.