CVE-2025-57632:
libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256). An attacker can craft responses with many chained PDUs to overflow v->niov and perform heap out-of-bounds writes, causing memory corruption, crashes, and potentially arbitrary code execution. The SMB2_OPLOCK_BREAK path bypasses message ID validation.
Among the 6 debian patches
available in version 6.2+dfsg-3 of the package,
we noticed the following issues:
4 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.
Migration status for libsmb2 (6.2+dfsg-2 to 6.2+dfsg-3): Waiting for test results or another package, or too young (no action required now - check later)
![[bug history graph]](https://qa.debian.org/data/bts/graphs/libs/libsmb2.png){kind=link}