Debian Package Tracker

libsmb2

general
  • source: libsmb2 (main)
  • version: 6.2+dfsg-2
  • maintainer: Debian Security Tools (DMD)
  • uploaders: Matheus Polkorny [DMD]
  • arch: any
  • std-ver: 4.7.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • stable: 6.2+dfsg-2
  • testing: 6.2+dfsg-2
  • unstable: 6.2+dfsg-2
versioned links
  • 6.2+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libsmb2-6
  • libsmb2-dev
action needed
1 security issue in trixie (severity: high)

There is 1 open security issue in trixie.

1 important issue:
  • CVE-2025-57632: libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256). An attacker can craft responses with many chained PDUs to overflow v->niov and perform heap out-of-bounds writes, causing memory corruption, crashes, and potentially arbitrary code execution. The SMB2_OPLOCK_BREAK path bypasses message ID validation.
Created: 2025-09-26 Last update: 2025-09-27 15:32
1 security issue in sid (severity: high)

There is 1 open security issue in sid.

1 important issue:
  • CVE-2025-57632: libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256). An attacker can craft responses with many chained PDUs to overflow v->niov and perform heap out-of-bounds writes, causing memory corruption, crashes, and potentially arbitrary code execution. The SMB2_OPLOCK_BREAK path bypasses message ID validation.
Created: 2025-09-26 Last update: 2025-09-27 15:32
1 security issue in forky (severity: high)

There is 1 open security issue in forky.

1 important issue:
  • CVE-2025-57632: libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256). An attacker can craft responses with many chained PDUs to overflow v->niov and perform heap out-of-bounds writes, causing memory corruption, crashes, and potentially arbitrary code execution. The SMB2_OPLOCK_BREAK path bypasses message ID validation.
Created: 2025-09-26 Last update: 2025-09-27 15:32
Multiarch hinter reports 1 issue(s) (severity: normal)
There are issues with the multiarch metadata for this package.
  • libsmb2-6 could be marked Multi-Arch: same
Created: 2025-03-30 Last update: 2025-09-27 13:01
news
  • [2025-04-09] libsmb2 6.2+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2025-04-04] libsmb2 6.2+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-04-03] Accepted libsmb2 6.2+dfsg-2 (source) into unstable (Matheus Polkorny) (signed by: Samuel Henrique)
  • [2025-03-29] Accepted libsmb2 6.2+dfsg-1 (source amd64) into unstable (Debian FTP Masters) (signed by: Samuel Henrique)
bugs [bug history graph]
  • all: 1
  • RC: 0
  • I&N: 1
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debian patches
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 6.2+dfsg-2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers