Lucene search
Redhat.comRH:CVE-2023-34966HistoryJul 20, 2023 - 9:31 a.m.
CVE-2023-34966
2023-07-2009:31:06
redhat.com
access.redhat.com
21
samba
mdssvc
rpc
spotlight
denial of service
0.025 Low
EPSS
Percentile
90.0%
An infinite loop vulnerability was found in Samba’s mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.
Mitigation
As a possible workaround, disable Spotlight by removing all configuration stanzas ("spotlight=yes|true") that enable Spotlight .
Related
ubuntucve
ubuntucve
CVE-2023-34966
2023-07-19 00:00:00
prion
prion
Race condition
2023-07-20 15:15:00
debiancve
debiancve
CVE-2023-34966
2023-07-20 14:56:14
zdi
zdi
cve
cve
CVE-2023-34966
2023-07-20 14:56:14
alpinelinux
alpinelinux
CVE-2023-34966
2023-07-20 14:56:14
veracode
veracode
Denial Of Service (DoS)
2023-08-06 10:02:28
samba
samba
Samba Spotlight mdssvc RPC Request Infinite
2023-07-19 00:00:00
cvelist
cvelist
CVE-2023-34966 Samba: infinite loop in mdssvc rpc service for spotlight
2023-07-20 14:56:14
osv
osv
CVE-2023-34966
2023-07-20 15:15:11
Moderate: samba security, bug fix, and enhancement update
2023-11-14 00:00:00
Moderate: samba security, bug fix, and enhancement update
2023-11-07 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2023-3229)
2023-11-10 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2024-1163)
2024-02-09 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2023-3194)
2023-11-10 00:00:00
nessus
nessus
EulerOS Virtualization 2.10.1 : samba (EulerOS-SA-2023-3510)
2024-01-16 00:00:00
EulerOS 2.0 SP10 : samba (EulerOS-SA-2023-3229)
2024-01-16 00:00:00
EulerOS 2.0 SP5 : samba (EulerOS-SA-2024-1163)
2024-02-08 00:00:00
redhat
redhat
(RHSA-2023:7139) Moderate: samba security, bug fix, and enhancement update
2023-11-14 08:46:27
(RHSA-2023:6667) Moderate: samba security, bug fix, and enhancement update
2023-11-07 06:11:31
(RHSA-2024:0580) Moderate: samba security update
2024-01-30 12:53:22
almalinux
almalinux
Moderate: samba security, bug fix, and enhancement update
2023-11-14 00:00:00
Moderate: samba security, bug fix, and enhancement update
2023-11-07 00:00:00
ibm
ibm
oraclelinux
oraclelinux
samba security, bug fix, and enhancement update
2023-11-18 00:00:00
samba security, bug fix, and enhancement update
2023-11-11 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2023-07-19 00:00:00
mageia
mageia
Updated samba packages fix security vulnerability
2023-08-23 22:56:41
cloudfoundry
cloudfoundry
USN-6238-1: Samba vulnerabilities | Cloud Foundry
2023-08-10 00:00:00
debian
debian
[SECURITY] [DSA 5477-1] samba security update
2023-08-14 18:38:41
[SECURITY] [DSA 5647-1] samba security update
2024-03-24 20:22:16
slackware
slackware
[slackware-security] samba
2023-08-04 20:53:11
ubuntu
ubuntu
Samba vulnerabilities
2023-07-19 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: samba-4.18.5-0.fc38
2023-07-22 01:23:14
[SECURITY] Fedora 37 Update: samba-4.17.10-0.fc37
2023-08-05 01:20:29
redos
redos
ROS-20230920-01
2023-09-20 00:00:00
gentoo
gentoo
Samba: Multiple Vulnerabilities
2024-02-19 00:00:00
hp
hp
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00