CVE-2023-34966

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

Published: Jul 20, 2023
Updated: Aug 1, 2023
CVE: CVE-2023-34966
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-835

Affected Software
References

Software	From	Fixed in
samba / samba	4.18.0	4.18.5
samba / samba	4.17.0	4.17.10
samba / samba	-	4.16.11
fedoraproject / fedora	38	38.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x
fedoraproject / fedora	37	37.x
debian / debian_linux	11.0	11.0.x
debian / debian_linux	12.0	12.0.x

Vulnerability Database

289,599

CVE-2023-34966