Total vulnerabilities in the database
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.
| Software | From | Fixed in |
|---|---|---|
| samba / samba | 4.18.0 | 4.18.5 |
| samba / samba | 4.17.0 | 4.17.10 |
| samba / samba | - | 4.16.11 |
| fedoraproject / fedora | 38 | 38.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| redhat / enterprise_linux | 9.0 | 9.0.x |
| fedoraproject / fedora | 37 | 37.x |
| debian / debian_linux | 11.0 | 11.0.x |
| debian / debian_linux | 12.0 | 12.0.x |