PT-2023-4085 · Samba+9 · Samba+9

Florent Saudel

Published

2023-07-19

Updated

2025-06-30

CVE-2023-34966

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Samba (affected versions not specified)

Description The issue is related to the sl unpack loop() function in Samba's mdssvc RPC service for Spotlight. It does not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the function will run in an endless loop consuming 100% CPU. This allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALSA-2023:6667

ALSA-2023:7139

ALT-PU-2023-4520

ALT-PU-2023-4522

ALT-PU-2023-4523

ALT-PU-2023-7794

ALT-PU-2024-12484

ALT-PU-2024-14683

AZL-27661

AZL-37021

BDU:2023-04385

CESA-2023_7139

CVE-2023-34966

DSA-5477-1

DSA-5647-1

ECHO-5D53-654C-E8E2

MGASA-2023-0247

OESA-2023-1449

OESA-2023-1450

OESA-2023-1451

OESA-2023-1452

OESA-2023-1453

OPENSUSE-SU-2024:13071-1

RHSA-2023:6667

RHSA-2023:7139

RHSA-2023_6667

RHSA-2023_7139

RHSA-2024:0423

RHSA-2024:0580

RHSA-2024:4101

SUSE-SU-2023:2888-1

SUSE-SU-2023:2929-1

SUSE-SU-2023:2930-1

SUSE-SU-2023:3060-1

SUSE-SU-2023:3066-1

SUSE-SU-2023_2929-1

SUSE-SU-2023_2930-1

SUSE-SU-2023_3060-1

USN-6238-1

USN-7582-1

USN-7582-2

ZDI-23-1228

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Samba

Suse

Ubuntu

PT-2023-4085 · Samba+9 · Samba+9

CVE-2023-34966

Weakness Enumeration

Related Identifiers

Affected Products

References · 118