Samba : Security Vulnerabilities, CVEs, Published In 2017 (Code Execution)
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
Max CVSS
9.8
EPSS Score
77.32%
Published
2017-11-27
Updated
2022-08-16
CVE-2017-7494
Known exploited
Public exploit
Used for ransomware
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Max CVSS
10.0
EPSS Score
97.26%
Published
2017-05-30
Updated
2022-08-16
CISA KEV Added
2023-03-30
2 vulnerabilities found