Dell Unity: Is Unity Affected By CVE-2022-3437 and CVE-2022-3592 (User Correctable)
Summary: This article details the susceptibility of Dell Unity products to the vulnerabilities detailed in CVE-2022-3437 and CVE-2022-3592.
Symptoms
Information on whether or not Dell Unity products are vulnerable to CVE-2022-3437 and CVE-2022-3592.
CVE-2022-3437
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
CVE-2022-3592
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that makes 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share using SMB1 UNIX extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's file system.
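For administrators of Samba servers who want to check for the condition CVE-2022-3592 describes, the following added example (not part of the Dell article or of Samba's code) lists symlinks under a share directory whose targets resolve outside it. The share path `/srv/samba/share` is a placeholder assumption.

```python
import os
import sys


def find_escaping_symlinks(share_root):
    """Return sorted (link_path, resolved_target) pairs for every symlink
    under share_root whose target resolves outside share_root."""
    root = os.path.realpath(share_root)
    findings = []
    # followlinks=False: report symlinked directories, never descend into them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath resolves symlink chains and ".." components.
            target = os.path.realpath(path)
            try:
                # Component-wise comparison, so /srv/share2 is not
                # mistaken for a path inside /srv/share.
                inside = os.path.commonpath([root, target]) == root
            except ValueError:  # e.g. different drives on Windows
                inside = False
            if not inside:
                findings.append((path, target))
    return sorted(findings)


if __name__ == "__main__":
    # Placeholder share path (assumption); pass the real one as argv[1].
    share = sys.argv[1] if len(sys.argv) > 1 else "/srv/samba/share"
    for link, target in find_escaping_symlinks(share):
        print(f"{link} -> {target}")
```

Relative, chained and directory symlinks are all resolved before the comparison, so a link that only leaves the share through another link is still reported.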
Cause
The vulnerabilities listed in the CVEs were tested.
Resolution
The vulnerabilities described in CVE-2022-3437 and CVE-2022-3592 do not affect Dell Unity.
Additional Information
See links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592
What is CVE?
CVE is short for Common Vulnerabilities and Exposures. It is a list of publicly disclosed computer security flaws. When someone mentions a CVE, they mean a security flaw that is assigned a CVE ID number.
Security advisories issued by vendors and researchers almost always mention at least one CVE ID. CVEs help IT professionals coordinate their efforts to prioritize and address these vulnerabilities to make computer systems more secure.
Affected Products
Dell EMC Unity, Dell EMC Unity Family, Dell EMC Unity All Flash, Dell EMC Unity Hybrid
Article Properties
Article Number: 000207506
Article Type: Solution
Last Modified: 17 Oct 2025
Version: 6