{"id":"CVE-2017-7494","details":"Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.","modified":"2026-04-16T01:43:37.892451415Z","published":"2017-05-30T18:29:00.190Z","related":["SUSE-SU-2017:1391-1","SUSE-SU-2017:1392-1","SUSE-SU-2017:1393-1","SUSE-SU-2017:1396-1","openSUSE-SU-2024:11365-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-7494"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3860"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98636"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038552"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1270"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1271"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1272"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1273"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1390"},{"type":"ADVISORY","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01"},{"type":"ADVISORY","url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"},{"type":"ADVISORY","url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201805-07"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20170524-0001/"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/42060/"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/42084/"},{"type":"FIX","url":"https://www.samba.org/samba/security/CVE-2017-7494.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/samba-team/samba","events":[{"introduced":"d82b72a5a5d7c1585a39f3a9530ff8861bfda45a"},{"fixed":"30812c414bb0ceb95abae08c35b94b2f97be4c5c"},{"introduced":"30812c414bb0ceb95abae08c35b94b2f97be4c5c"},{"fixed":"f0ec0c2c00e98d1c2197e8b0dc3211bff97129f5"},{"introduced":"916fab083a8cb5c10365da7f3a85d0bbfde4a30e"},{"fixed":"558f8e68f299d2f844b94f9df92ab6e8015f3392"},{"introduced":"f17816a4ae2bb0ed45561347a4c578ca9ab28ccf"},{"fixed":"b0b0bf168a4d38dc78e1f5f6d9da0569d0e268ea"}],"database_specific":{"cpe":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"3.5.0"},{"fixed":"4.4.0"},{"introduced":"4.4.0"},{"fixed":"4.4.14"},{"introduced":"4.5.0"},{"fixed":"4.5.10"},{"introduced":"4.6.0"},{"fixed":"4.6.4"}],"source":"CPE_FIELD"}}],"versions":["samba-4.4.0","samba-4.4.1","samba-4.4.10","samba-4.4.11","samba-4.4.12","samba-4.4.13","samba-4.4.2","samba-4.4.3","samba-4.4.4","samba-4.4.7","samba-4.5.0","samba-4.5.4","samba-4.5.5","samba-4.5.6","samba-4.5.9","samba-4.6.0","samba-4.6.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7494.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}