Source: libsmb2
Version: 6.2+dfsg-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/sahlberg/libsmb2/pull/431
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libsmb2.

CVE-2025-57632[0]:
| libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2
| chained PDUs (NextCommand), libsmb2 repeatedly calls
| smb2_add_iovector() to append to a fixed-size iovec array without
| checking the upper bound of v->niov (SMB2_MAX_VECTORS=256). An
| attacker can craft responses with many chained PDUs to overflow
| v->niov and perform heap out-of-bounds writes, causing memory
| corruption, crashes, and potentially arbitrary code execution. The
| SMB2_OPLOCK_BREAK path bypasses message ID validation.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-57632
    https://www.cve.org/CVERecord?id=CVE-2025-57632
[1] https://github.com/sahlberg/libsmb2/pull/431
[2] https://gist.github.com/ZjW1nd/0b95b63307ceee7890e88e4abc6f041e

Regards,
Salvatore
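
Added example, not part of the original report and not libsmb2's code or its fix: a minimal C sketch of the missing check the CVE description refers to, where each append into a fixed-size vector array is bounded and the NextCommand chain walk fails closed. All type and function names are hypothetical; the 64-byte header and the NextCommand offset of 20 follow the SMB2 header layout, and the test chain is constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_VECTORS  256  /* mirrors SMB2_MAX_VECTORS from the report */
#define HDR_SIZE     64   /* fixed SMB2 header length */
#define NEXT_CMD_OFF 20   /* offset of NextCommand in the header */

struct vec { const uint8_t *buf; size_t len; };
struct vec_list { struct vec v[MAX_VECTORS]; size_t niov; };

/* Append one vector; refuse instead of writing past the array. */
static int add_vec(struct vec_list *l, const uint8_t *buf, size_t len)
{
    if (l->niov >= MAX_VECTORS)
        return -1;
    l->v[l->niov++] = (struct vec){ buf, len };
    return 0;
}

/* Walk a compound buffer; return the PDU count, or -1 if malformed or too long. */
int walk_chain(struct vec_list *l, const uint8_t *data, size_t len)
{
    size_t off = 0;
    l->niov = 0;
    for (;;) {
        if (len - off < HDR_SIZE)
            return -1;
        const uint8_t *p = data + off + NEXT_CMD_OFF;
        uint32_t next = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                        (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
        /* NextCommand must cover a header, be 8-byte aligned, stay in bounds. */
        if (next && (next < HDR_SIZE || next % 8 || next > len - off))
            return -1;
        if (add_vec(l, data + off, next ? next : len - off) != 0)
            return -1;
        if (next == 0)
            return (int)l->niov;
        off += next;
    }
}

/* Constructed sample: n bare headers chained through NextCommand. */
int chain_result(size_t n)
{
    static uint8_t buf[300 * HDR_SIZE];
    static struct vec_list l;
    if (n == 0 || n > 300) return -1;
    for (size_t i = 0; i < n; i++)
        buf[i * HDR_SIZE + NEXT_CMD_OFF] = (i + 1 < n) ? HDR_SIZE : 0;
    return walk_chain(&l, buf, n * HDR_SIZE);
}
```

A chain of exactly 256 PDUs is accepted; the 257th append is rejected before any write lands outside the array.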

