CVE-2023-34966

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-34966
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34966.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-34966
Downstream
Related
Published
2023-07-20T15:15:11.333Z
Modified
2026-03-14T15:01:40.424235Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function slunpackloop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

References

Affected packages

Git / github.com/samba-team/samba

Affected ranges

Type
GIT
Repo
https://github.com/samba-team/samba
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
225a003a043eee399b6d266d94440c399b6877e4
Introduced
fbec737d9d3d992b54f52defcba62a304efef8f7
Fixed
5eceb0dfb4a6490da3e7fc58f4b527b16b934195
Introduced
a597a8767fabfe85ee0bcf869407e770a0c3e184
Fixed
50a9b496556c08a451d8f18707fa709de69942ec
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.16.11"
        },
        {
            "introduced": "4.17.0"
        },
        {
            "fixed": "4.17.10"
        },
        {
            "introduced": "4.18.0"
        },
        {
            "fixed": "4.18.5"
        }
    ]
}

Affected versions

ldb-2.*
ldb-2.6.2
ldb-2.7.2
samba-4.*
samba-4.17.0
samba-4.17.1
samba-4.17.2
samba-4.17.3
samba-4.17.4
samba-4.17.5
samba-4.17.6
samba-4.17.7
samba-4.17.8
samba-4.17.9
samba-4.18.0
samba-4.18.1
samba-4.18.2
samba-4.18.3
samba-4.18.4

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "37"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "38"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34966.json"