CVE-2013-4124

Exp

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Published: 2013-08-06 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2013-4124 is rated High Exploit Risk (70.4/100): CVSS Medium severity, with high exploitation likelihood (EPSS 83.53%, 99th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2013-4124

EDB-ID Source Kind Published Link
27778 exploit_db edb 2013-08-22 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2013-4124

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-03-13 82.88% 83.53% +0.65%
2 2026-01-18 86.81% 82.88% -3.93%
3 2025-03-19 86.81%

Full EPSS history (14 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2013-4124

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 2.9 [email protected]

Weakness enumeration for CVE-2013-4124

OS Trackers for CVE-2013-4124

vendor priority summary link
debian low CVE-2013-4124 low priority: Debian including 1 source packages (samba), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2013-4124
gentoo high CVE-2013-4124: 1 GLSA(s) (201502-15), 1 atom(s) (net-fs/samba); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2013-4124
redhat medium https://access.redhat.com/security/cve/CVE-2013-4124
suse medium CVE-2013-4124 severity moderate: SUSE including 737 source package names (cifs-mount-3.4.3-1.46.2, cifs-mount-3.4.3-1.52.3, …), 1184 product×package rows across 40 product lines (SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Desktop 11 SP3, … (40 product lines)): Fixed 1140, Known Not Affected 44. https://www.suse.com/security/cve/CVE-2013-4124/
ubuntu medium CVE-2013-4124 medium priority: Ubuntu including 2 source packages (samba, samba4), 26 status rows across 13 suites (lucid, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): not-affected 8, DNE 7, released 6, ignored 5. https://ubuntu.com/security/CVE-2013-4124

Affected software / configurations for CVE-2013-4124

Vendor Product Version Raw CPE
canonical ubuntu_linux 10.04 cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
canonical ubuntu_linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
canonical ubuntu_linux 12.10 cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
canonical ubuntu_linux 13.04 cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
redhat enterprise_linux 5 cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
fedoraproject fedora 18 cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
fedoraproject fedora 19 cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
samba samba 3.0.0 cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
samba samba 3.0.1 cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
samba samba 3.0.2 cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*
samba samba 3.0.2 cpe:2.3:a:samba:samba:3.0.2:a:*:*:*:*:*:*
samba samba 3.0.2a cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*
samba samba 3.0.3 cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*
samba samba 3.0.4 cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*
samba samba 3.0.4 cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*
samba samba 3.0.5 cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*
samba samba 3.0.6 cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*
samba samba 3.0.7 cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*
samba samba 3.0.8 cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*
samba samba 3.0.9 cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*
samba samba 3.0.10 cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*
samba samba 3.0.11 cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*
samba samba 3.0.12 cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*
samba samba 3.0.13 cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*
samba samba 3.0.14 cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*
samba samba 3.0.14 cpe:2.3:a:samba:samba:3.0.14:a:*:*:*:*:*:*
samba samba 3.0.14a cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*
samba samba 3.0.15 cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*
samba samba 3.0.16 cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*
samba samba 3.0.17 cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*
samba samba 3.0.18 cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*
samba samba 3.0.19 cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*
samba samba 3.0.20 cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*
samba samba 3.0.20 cpe:2.3:a:samba:samba:3.0.20:a:*:*:*:*:*:*
samba samba 3.0.20 cpe:2.3:a:samba:samba:3.0.20:b:*:*:*:*:*:*
samba samba 3.0.20a cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*
samba samba 3.0.20b cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*
samba samba 3.0.21 cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
samba samba 3.0.21 cpe:2.3:a:samba:samba:3.0.21:a:*:*:*:*:*:*
samba samba 3.0.21 cpe:2.3:a:samba:samba:3.0.21:b:*:*:*:*:*:*
samba samba 3.0.21 cpe:2.3:a:samba:samba:3.0.21:c:*:*:*:*:*:*
samba samba 3.0.21a cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
samba samba 3.0.21b cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
samba samba 3.0.21c cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
samba samba 3.0.22 cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*
samba samba 3.0.23 cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*
samba samba 3.0.23 cpe:2.3:a:samba:samba:3.0.23:a:*:*:*:*:*:*
samba samba 3.0.23 cpe:2.3:a:samba:samba:3.0.23:b:*:*:*:*:*:*
samba samba 3.0.23 cpe:2.3:a:samba:samba:3.0.23:c:*:*:*:*:*:*
samba samba 3.0.23 cpe:2.3:a:samba:samba:3.0.23:d:*:*:*:*:*:*
samba samba 3.0.23a cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*
samba samba 3.0.23b cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*
samba samba 3.0.23c cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*
samba samba 3.0.23d cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
samba samba 3.0.24 cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*
samba samba 3.0.25 cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*
samba samba 3.0.25 cpe:2.3:a:samba:samba:3.0.25:a:*:*:*:*:*:*
samba samba 3.0.25 cpe:2.3:a:samba:samba:3.0.25:b:*:*:*:*:*:*
samba samba 3.0.25 cpe:2.3:a:samba:samba:3.0.25:c:*:*:*:*:*:*
samba samba 3.0.25 cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
samba samba 3.0.25 cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
samba samba 3.0.25 cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
samba samba 3.0.25 cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
samba samba 3.0.25 cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
samba samba 3.0.25a cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*
samba samba 3.0.25b cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*
samba samba 3.0.25c cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*
samba samba 3.0.26 cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*
samba samba 3.0.26 cpe:2.3:a:samba:samba:3.0.26:a:*:*:*:*:*:*
samba samba 3.0.26a cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*
samba samba 3.0.27 cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*
samba samba 3.0.27 cpe:2.3:a:samba:samba:3.0.27:a:*:*:*:*:*:*
samba samba 3.0.28 cpe:2.3:a:samba:samba:3.0.28:*:*:*:*:*:*:*
samba samba 3.0.28 cpe:2.3:a:samba:samba:3.0.28:a:*:*:*:*:*:*
samba samba 3.0.29 cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*
samba samba 3.0.30 cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*
samba samba 3.0.31 cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*
samba samba 3.0.32 cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*
samba samba 3.0.33 cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*
samba samba 3.0.34 cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*

References for CVE-2013-4124

URL Tags
http://archives.neohapsis.com/archives/bugtraq/2013-08/0028.html
http://ftp.samba.org/pub/samba/patches/security/samba-4.0.7-CVE-2013-4124.patch Patch
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113591.html Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114011.html Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00012.html Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00015.html Vendor Advisory
http://marc.info/?l=bugtraq&m=141660010015249&w=2
http://osvdb.org/95969
http://rhn.redhat.com/errata/RHSA-2013-1310.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1542.html
http://rhn.redhat.com/errata/RHSA-2013-1543.html
http://rhn.redhat.com/errata/RHSA-2014-0305.html
http://secunia.com/advisories/54519 Vendor Advisory
http://security.gentoo.org/glsa/glsa-201502-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2013:207
http://www.samba.org/samba/history/samba-3.5.22.html Vendor Advisory
http://www.samba.org/samba/history/samba-3.6.17.html Vendor Advisory
http://www.samba.org/samba/history/samba-4.0.8.html Vendor Advisory
http://www.samba.org/samba/security/CVE-2013-4124 Vendor Advisory
http://www.securitytracker.com/id/1028882
http://www.ubuntu.com/usn/USN-1966-1 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=984401
https://exchange.xforce.ibmcloud.com/vulnerabilities/86185
cvelogic Threat Intelligence