CVE-2026-3238

Published: Giu 08, 2026 Last Modified: Giu 08, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.

476

NULL Pointer Dereference

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands Read Memory Modify Memory
Applicable Platforms
Languages: C, C++, Java, C#, Go
Likelihood of Exploit: Medium
View CWE Details
https://access.redhat.com/security/cve/CVE-2026-3238
https://access.redhat.com/security/cve/CVE-2026-3238
https://bugzilla.redhat.com/show_bug.cgi?id=2486176
https://bugzilla.redhat.com/show_bug.cgi?id=2486176
https://www.samba.org/samba/security/CVE-2026-3238.html
https://www.samba.org/samba/security/CVE-2026-3238.html