CVE-2023-34967

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-34967

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34967.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-34967

Related

Published

2023-07-20T15:15:11Z

Modified

2024-09-18T03:25:38.392997Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dallocvalueforkey() function, which returns the object associated with a key, a caller may trigger a crash in tallocget_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.

References

Affected packages

Debian:11 / samba

Package

Name: samba
Purl: pkg:deb/debian/samba?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:4.13.13+dfsg-1~deb11u6

Affected versions

2:4.*

2:4.13.5+dfsg-2

2:4.13.13+dfsg-1~deb11u1

2:4.13.13+dfsg-1~deb11u2

2:4.13.13+dfsg-1~deb11u3

2:4.13.13+dfsg-1~deb11u4

2:4.13.13+dfsg-1~deb11u5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / samba

Package

Name: samba
Purl: pkg:deb/debian/samba?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:4.17.10+dfsg-0+deb12u1

Affected versions

2:4.*

2:4.17.8+dfsg-2

2:4.17.9+dfsg-0+deb12u1

2:4.17.9+dfsg-0+deb12u2

2:4.17.9+dfsg-0+deb12u3~bpo11+1

2:4.17.9+dfsg-0+deb12u3

2:4.17.10+dfsg-0+deb12u1~bpo11+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / samba

Package

Name: samba
Purl: pkg:deb/debian/samba?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:4.18.5+dfsg-1

Affected versions

2:4.*

2:4.17.8+dfsg-2

2:4.18.0~rc1+dfsg-1exp

2:4.18.0~rc2+dfsg-1

2:4.18.0~rc3+dfsg-1

2:4.18.0~rc4+dfsg-1

2:4.18.0+dfsg-1~exp1

2:4.18.1+dfsg-1~exp1

2:4.18.2+dfsg-1

2:4.18.3+dfsg-1

2:4.18.3+dfsg-2

2:4.18.3+dfsg-3

2:4.18.4+dfsg-1

2:4.18.4+dfsg-2~bpo12+1

2:4.18.4+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/samba-team/samba

Affected ranges

Type: GIT
Repo: https://github.com/samba-team/samba
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

225a003a043eee399b6d266d94440c399b6877e4

Affected versions

ldb-1.*

ldb-1.1.0

ldb-1.1.10

ldb-1.1.11

ldb-1.1.12

ldb-1.1.13

ldb-1.1.14

ldb-1.1.15

ldb-1.1.16

ldb-1.1.17

ldb-1.1.18

ldb-1.1.19

ldb-1.1.2

ldb-1.1.20

ldb-1.1.21

ldb-1.1.22

ldb-1.1.23

ldb-1.1.24

ldb-1.1.25

ldb-1.1.26

ldb-1.1.27

ldb-1.1.28

ldb-1.1.29

ldb-1.1.3

ldb-1.1.30

ldb-1.1.31

ldb-1.1.4

ldb-1.1.5

ldb-1.1.6

ldb-1.1.8

ldb-1.1.9

ldb-1.2.0

ldb-1.2.1

ldb-1.2.2

ldb-1.3.0

ldb-1.3.1

ldb-1.3.2

ldb-1.4.0

ldb-1.4.1

ldb-1.5.0

ldb-1.5.1

ldb-1.5.2

ldb-1.6.1

ldb-1.6.2

ldb-1.6.3

ldb-2.*

ldb-2.0.5

ldb-2.1.0

ldb-2.1.1

ldb-2.2.0

ldb-2.4.0

ldb-2.5.0

ldb-2.5.1

ldb-2.5.2

ldb-2.5.3

samba-4.*

samba-4.0.0alpha10

samba-4.0.0alpha11

samba-4.0.0alpha13

samba-4.0.0alpha14

samba-4.0.0alpha15

samba-4.0.0alpha16

samba-4.0.0alpha17

samba-4.0.0alpha18

samba-4.0.0alpha19

samba-4.0.0alpha20

samba-4.0.0alpha21

samba-4.0.0alpha6

samba-4.0.0alpha7

samba-4.0.0alpha8

samba-4.0.0alpha9

samba-4.0.0beta1

samba-4.0.0beta2

samba-4.0.0beta3

samba-4.0.0beta4

samba-4.0.0beta5

samba-4.0.0beta6

samba-4.0.0beta7

samba-4.0.0beta8

samba-4.0.0rc1

samba-4.10.0rc1

samba-4.11.0rc1

samba-4.12.0rc1

samba-4.13.0rc1

samba-4.14.0rc1

samba-4.15.0rc1

samba-4.16.0

samba-4.16.0rc1

samba-4.16.0rc2

samba-4.16.0rc3

samba-4.16.0rc4

samba-4.16.0rc5

samba-4.16.1

samba-4.16.10

samba-4.16.2

samba-4.16.3

samba-4.16.4

samba-4.16.5

samba-4.16.6

samba-4.16.7

samba-4.16.8

samba-4.16.9

samba-4.2.0rc1

samba-4.3.0rc1

samba-4.4.0rc1

samba-4.5.0rc1

samba-4.6.0rc1

samba-4.7.0rc1

samba-4.8.0rc1

samba-4.9.0rc1

talloc-1.*

talloc-1.3.1

talloc-2.*

talloc-2.0.0

talloc-2.0.1

talloc-2.0.7

talloc-2.0.8

talloc-2.1.0

talloc-2.1.1

talloc-2.1.10

talloc-2.1.11

talloc-2.1.12

talloc-2.1.13

talloc-2.1.14

talloc-2.1.15

talloc-2.1.16

talloc-2.1.2

talloc-2.1.3

talloc-2.1.4

talloc-2.1.5

talloc-2.1.6

talloc-2.1.7

talloc-2.1.8

talloc-2.1.9

talloc-2.2.0

talloc-2.3.0

talloc-2.3.1

talloc-2.3.2

talloc-2.3.3

tdb-1.*

tdb-1.1.5

tdb-1.2.0

tdb-1.2.1

tdb-1.2.10

tdb-1.2.11

tdb-1.2.12

tdb-1.2.13

tdb-1.3.0

tdb-1.3.1

tdb-1.3.10

tdb-1.3.11

tdb-1.3.12

tdb-1.3.13

tdb-1.3.14

tdb-1.3.15

tdb-1.3.16

tdb-1.3.17

tdb-1.3.18

tdb-1.3.2

tdb-1.3.3

tdb-1.3.4

tdb-1.3.5

tdb-1.3.6

tdb-1.3.7

tdb-1.3.8

tdb-1.3.9

tdb-1.4.0

tdb-1.4.1

tdb-1.4.2

tdb-1.4.3

tdb-1.4.4

tdb-1.4.5

tdb-1.4.6

tevent-0.*

tevent-0.10.0

tevent-0.10.1

tevent-0.10.2

tevent-0.11.0

tevent-0.9.11

tevent-0.9.12

tevent-0.9.13

tevent-0.9.14

tevent-0.9.15

tevent-0.9.16

tevent-0.9.17

tevent-0.9.18

tevent-0.9.19

tevent-0.9.20

tevent-0.9.21

tevent-0.9.22

tevent-0.9.23

tevent-0.9.24

tevent-0.9.25

tevent-0.9.26

tevent-0.9.27

tevent-0.9.28

tevent-0.9.29

tevent-0.9.30

tevent-0.9.31

tevent-0.9.32

tevent-0.9.33

tevent-0.9.34

tevent-0.9.35

tevent-0.9.36

tevent-0.9.37

tevent-0.9.38

tevent-0.9.39

tevent-0.9.8