Bug 16059 - CVE-2026-40170: thirdparty ngtcp2 needs to be updated
Summary: CVE-2026-40170: thirdparty ngtcp2 needs to be updated
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
Version: 4.24.0
Hardware: All All
Importance: P5 normal
Target Milestone: 4.23
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL: https://gitlab.com/samba-team/samba/-...
Keywords:
Depends on:
Blocks:
 
Reported: 2026-04-17 09:23 UTC by Björn Jacke
Modified: 2026-05-12 15:54 UTC
CC: 4 users

See Also:


Attachments
backport patch for 4.23 and 4.24 (641.32 KB, patch)
2026-04-27 11:12 UTC, Björn Jacke
metze: review+

Description Björn Jacke 2026-04-17 09:23:03 UTC
CVE-2026-40170 - ngtcp2 before 1.22.1 can overflow a 1024-byte stack buffer in qlog parameters.

https://github.com/ngtcp2/ngtcp2/compare/v1.22.0...v1.22.1
Comment 1 Stefan Metzmacher 2026-04-17 09:39:47 UTC
CVE-2026-40170: https://github.com/ngtcp2/ngtcp2/security/advisories/GHSA-f523-465f-8c8f
Comment 2 Björn Jacke 2026-04-27 11:12:29 UTC
Created attachment 18950 [details]
backport patch for 4.23 and 4.24
Comment 3 Samba QA Contact 2026-04-27 12:43:04 UTC
This bug was referenced in samba v4-24-test:

2cbb70f8391301573b0d6b87e93c067395e61336
Comment 4 Samba QA Contact 2026-04-27 13:00:05 UTC
This bug was referenced in samba v4-23-test:

cbb4833caad37ca7337994e922304cd80ed1cca8
Comment 5 Samba QA Contact 2026-05-12 15:54:58 UTC
This bug was referenced in samba v4-24-stable (Release samba-4.24.2):

2cbb70f8391301573b0d6b87e93c067395e61336