Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-34966

Good to know:

icon

Date: July 20, 2023

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

Language: C

Severity Score

Related Resources (14)

https://nvd.nist.gov/vuln/detail/CVE-2023-34966
https://access.redhat.com/errata/RHSA-2023:6667
https://security.netapp.com/advisory/ntap-20230731-0010/
https://access.redhat.com/errata/RHSA-2024:0580
https://access.redhat.com/errata/RHSA-2023:7139
https://www.debian.org/security/2023/dsa-5477
https://access.redhat.com/security/cve/CVE-2023-34966
https://security-tracker.debian.org/tracker/CVE-2023-34966
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/
https://bugzilla.redhat.com/show_bug.cgi?id=2222793
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/
https://access.redhat.com/errata/RHSA-2024:0423
https://www.samba.org/samba/security/CVE-2023-34966
https://www.mend.io/vulnerability-database/CVE-2023-34966

Severity Score

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Top Fix

icon

Upgrade Version

Upgrade to version samba-4.16.11,samba-4.17.10,samba-4.18.5

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us