CVE-2014-3560
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.7195 (71.9%)
Percentile: 98.8%
EPSS: 2026-05-06
Affects
canonical:ubuntu_linuxredhat:enterprise_linuxsamba:sambaTechnical description
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
Published: 8/6/2014, 6:55:05 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html
- http://secunia.com/advisories/59583
- http://secunia.com/advisories/59610
- http://secunia.com/advisories/59976
- http://www.samba.org/samba/security/CVE-2014-3560
- http://www.securityfocus.com/bid/69021