CVE-2023-34967

CVE-2023-34967

Name

CVE-2023-34967

Description

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://access.redhat.com/security/cve/CVE-2023-34967
MISC	https://www.samba.org/samba/security/CVE-2023-34967.html
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=2222794
MISC	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/
MISC	https://security.netapp.com/advisory/ntap-20230731-0010/
MISC	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/
MISC	https://www.debian.org/security/2023/dsa-5477
	https://access.redhat.com/errata/RHSA-2023:6667
	https://access.redhat.com/errata/RHSA-2023:7139
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0423
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0580

Type

URI

MISC

https://access.redhat.com/security/cve/CVE-2023-34967

MISC

https://www.samba.org/samba/security/CVE-2023-34967.html

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=2222794

MISC

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/

MISC

https://security.netapp.com/advisory/ntap-20230731-0010/

MISC

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/

MISC

https://www.debian.org/security/2023/dsa-5477

https://access.redhat.com/errata/RHSA-2023:6667

https://access.redhat.com/errata/RHSA-2023:7139

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0423

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0580

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:samba:samba::::::::`	samba	>= 4.18.0	< 4.18.5
`cpe:2.3:a:samba:samba::::::::`	samba	>= 4.17.0	< 4.17.10
`cpe:2.3:a:samba:samba::::::::`	samba	>= None	< 4.16.11

CPE URI

Source package

Min version

Max version

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

samba

>= 4.18.0

< 4.18.5

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

samba

>= 4.17.0

< 4.17.10

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

samba

>= None

< 4.16.11

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
samba	3.15-main	4.15.13-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
samba	3.16-main	4.15.13-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

samba

3.15-main

4.15.13-r0

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

samba

3.16-main

4.15.13-r0

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

References

Match rules

Vulnerable and fixed packages