CVE-2015-3223

5.3 MEDIUM

Published: December 29, 2015 Modified: May 06, 2026

Description

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3433

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/79731

Source: secalert@redhat.com

http://www.securitytracker.com/id/1034493

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2855-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2855-2

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2856-1

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1290287

Source: secalert@redhat.com

https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=aa6c27148b9d3f8c1e4fdd5dd46bfecbbd0ca465

Source: secalert@redhat.com

https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=ec504dbf69636a554add1f3d5703dd6c3ad450b8

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201612-47

Source: secalert@redhat.com

https://www.samba.org/samba/security/CVE-2015-3223.html

Source: secalert@redhat.com

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3433

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/79731

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1034493

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2855-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2855-2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2856-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1290287

Source: af854a3a-2127-422b-91ae-364da2661108

https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=aa6c27148b9d3f8c1e4fdd5dd46bfecbbd0ca465

Source: af854a3a-2127-422b-91ae-364da2661108

https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=ec504dbf69636a554add1f3d5703dd6c3ad450b8

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201612-47

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.samba.org/samba/security/CVE-2015-3223.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

38 reference(s) from NVD

Quick Stats

CVSS v3 Score

5.3 / 10.0

EPSS (Exploit Probability)

20.3%

96th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-189 CWE-399

Affected Vendors

samba

Related CVEs

CVE-2026-6222 5.3

CVE-2026-40003 5.1

CVE-2026-44597 3.7

CVE-2026-6278 N/A

CVE-2026-41484 5.3