CVE-2023-34966

Updated: 2024-11-22 20:58:07.230761

Description:

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU samba 4.17.5 7.5 HIGH In Testing 2025-01-18 22:07:58
CentOS 6 ELS samba 3.6.23 7.5 HIGH Not Vulnerable 2023-08-08 14:05:56
CentOS 7 ELS samba 4.10.16 7.5 HIGH Released CLSA-2024:1724260726 2024-09-16 12:34:00
CentOS 8.4 ELS samba 4.13.3-5 7.5 HIGH Released CLSA-2023:1691577351 2023-08-09 09:12:14
CentOS 8.5 ELS samba 4.14.5-7 7.5 HIGH Released CLSA-2023:1691606420 2023-08-09 17:06:11
CloudLinux 6 ELS samba 3.6.23 7.5 HIGH Not Vulnerable 2023-08-08 14:05:56
Oracle Linux 6 ELS samba 3.6.23 7.5 HIGH Not Vulnerable 2023-08-08 14:05:56
Ubuntu 16.04 ELS samba 4.3.11 7.5 HIGH Released CLSA-2023:1691576181 2023-08-09 09:12:12
Ubuntu 18.04 ELS samba 4.7.6 7.5 HIGH Released CLSA-2023:1691576572 2023-08-09 09:12:14