CVE-2022-26809 (MS SMB CVE)

Andrew Bartlett abartlet at
Thu Jun 16 09:19:06 UTC 2022

On Thu, 2022-06-16 at 07:16 +0000, V S, Nagendra via samba-technical
> Hi,
> A couple of months ago Microsoft released a notification for CVE-2022-26809. Would Samba be affected by this CVE?
> The CVE score is 9.8. With very little information in the public notification, couldn't tell with certainty if the CVE is relevant. 
> Thanks & Regards
> Nagendra.V.S 

I looked into this and it looks like an integer overflow in RPC
fragment reassembly per

While it is possible, it is unlikely we have exactly the same bug (we
likely have different bugs...).  

I looked at our code in this area and we were well guarded.  I couldn't
find a way to break it.

As an aside, it would be really awesome if someone could fund an
ongoing project to look over all the CVEs from Microsoft each month and
at least write them up in the way you ask.  

We can ask DocHelp for what the changes are, but we need to know to


Andrew Bartlett

Andrew Bartlett (he/him)
Samba Team Member (since 2001)
Samba Developer, Catalyst IT
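
The reply above characterises the issue as an integer overflow in RPC fragment reassembly and describes Samba's code in that area as well guarded. As an added illustration of what such a guard looks like in general (this is not Samba's or Microsoft's code, and it does not reproduce the CVE), the sketch below contrasts a wrapping 32-bit length sum with an overflow-safe append. The `reasm` struct, the function names and the 4 MiB cap are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy cap on one reassembled request; not taken from any spec. */
#define MAX_REASSEMBLED (4u * 1024u * 1024u)

/* Hypothetical reassembly state for one fragmented RPC request. */
struct reasm {
    uint8_t *data;
    uint32_t len; /* bytes collected so far */
};

/* Unguarded pattern, for contrast: the 32-bit sum silently wraps, so a
 * later "total <= limit" test or allocation sees a small number. */
uint32_t naive_total(uint32_t have, uint32_t frag_len)
{
    return have + frag_len;
}

/* Guarded append: returns 0 on success, -1 if the fragment is rejected.
 * On rejection the state is left unchanged. */
int reasm_append(struct reasm *r, const uint8_t *frag, uint32_t frag_len)
{
    uint8_t *p;

    /* Compare against the remaining room rather than computing
     * r->len + frag_len, so no intermediate value can wrap. */
    if (r->len > MAX_REASSEMBLED || frag_len > MAX_REASSEMBLED - r->len)
        return -1;
    if (frag_len == 0)
        return 0;

    p = realloc(r->data, (size_t)r->len + frag_len);
    if (p == NULL)
        return -1;
    memcpy(p + r->len, frag, frag_len);
    r->data = p;
    r->len += frag_len;
    return 0;
}
```

The check is written as a subtraction from the cap so that the attacker-influenced length is never added to anything before it has been bounded.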
