CVE-2014-0178

low

Published 2014-05-28 · Modified 2026-05-06

CVSS v3

—

CVSS v2

3.5

VIR risk

3.5

Description

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-0178

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.samba.org/samba/security/CVE-2014-0178

OS impact

OS	Version	Status	Fixed in
debian	bookworm	fixed	`2:4.1.8+dfsg-1`
debian	bullseye	fixed	`2:4.1.8+dfsg-1`
debian	forky	fixed	`2:4.1.8+dfsg-1`
debian	sid	fixed	`2:4.1.8+dfsg-1`
debian	trixie	fixed	`2:4.1.8+dfsg-1`

Application impact

Vendor	Product	Versions	Fixed
samba	samba	`{"startIncluding":"3.6.6","endExcluding":"3.6.25"}`	`3.6.25`
samba	samba	`4.1.0`
samba	samba	`4.1.1`
samba	samba	`4.1.2`
samba	samba	`4.1.3`
samba	samba	`4.1.4`
samba	samba	`4.1.5`
samba	samba	`4.1.6`
samba	samba	`4.1.7`
samba	samba	`3.6.6`
samba	samba	`3.6.7`
samba	samba	`3.6.8`
samba	samba	`3.6.9`
samba	samba	`3.6.10`
samba	samba	`3.6.11`
samba	samba	`3.6.12`
samba	samba	`3.6.13`
samba	samba	`3.6.14`
samba	samba	`3.6.15`
samba	samba	`3.6.16`
samba	samba	`3.6.17`
samba	samba	`3.6.18`
samba	samba	`3.6.19`
samba	samba	`3.6.20`
samba	samba	`3.6.21`
samba	samba	`3.6.22`
samba	samba	`3.6.23`

References

CWEs

CWE-665

Verify integrity in audit chain (admin only). AS-IS.