{
  "threat_severity" : "Moderate",
  "public_date" : "2017-11-21T00:00:00Z",
  "bugzilla" : {
    "description" : "samba: Server heap-memory disclosure",
    "id" : "1512465",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1512465"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "details" : [ "Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.", "A memory disclosure flaw was found in Samba. An attacker could retrieve parts of server memory, which could contain sensitive data, by sending specially crafted requests to the Samba server." ],
  "acknowledgement" : "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Volker Lendecke (SerNet and the Samba Team) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2017-11-29T00:00:00Z",
    "advisory" : "RHSA-2017:3278",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "samba4-0:4.2.10-12.el6_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-11-27T00:00:00Z",
    "advisory" : "RHSA-2017:3260",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "samba-0:4.6.2-12.el7_4"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.3 for RHEL 6",
    "release_date" : "2017-11-27T00:00:00Z",
    "advisory" : "RHSA-2017:3261",
    "cpe" : "cpe:/a:redhat:storage:3.3:samba:el6",
    "package" : "samba-0:4.6.3-9.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.3 for RHEL 7",
    "release_date" : "2017-11-27T00:00:00Z",
    "advisory" : "RHSA-2017:3261",
    "cpe" : "cpe:/a:redhat:storage:3.3:samba:el7",
    "package" : "samba-0:4.6.3-9.el7rhgs"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "samba",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "samba",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-15275\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15275\nhttps://www.samba.org/samba/security/CVE-2017-15275.html" ],
  "name" : "CVE-2017-15275",
  "csaw" : false
}