Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1884

NIXPKGS-2026-1884
published 10 hours ago
Samba: denial of service against ad dc wins server
Permalink CVE-2026-3238
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 10 hours ago by @LeSuisse Activity log
  • Created suggestion 15 hours ago
  • @LeSuisse ignored package sambamba 10 hours ago
  • @LeSuisse accepted 10 hours ago
  • @LeSuisse ignored maintainer @aneeshusa 10 hours ago maintainer.ignore
  • @LeSuisse published on GitHub 10 hours ago
Samba: denial of service against ad dc wins server

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.

Affected products

rhcos
samba
samba4

Matching in nixpkgs

pkgs.samba

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba4

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.sambaFull

Standard Windows interoperability suite of programs for Linux and Unix

pkgs.samba4Full

Standard Windows interoperability suite of programs for Linux and Unix

Ignored packages (1)

Package maintainers

Ignored maintainers (1)