CVE-2023-34967

Name
CVE-2023-34967
Description
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.
NVD Severity
unknown

References

Type URI
MISC https://access.redhat.com/security/cve/CVE-2023-34967
MISC https://www.samba.org/samba/security/CVE-2023-34967.html
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2222794
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/
MISC https://security.netapp.com/advisory/ntap-20230731-0010/
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/
MISC https://www.debian.org/security/2023/dsa-5477
https://access.redhat.com/errata/RHSA-2023:6667
https://access.redhat.com/errata/RHSA-2023:7139
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0423
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0580

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.18.0 < 4.18.5
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.17.0 < 4.17.10
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= None < 4.16.11

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
samba 3.15-main 4.15.13-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
samba 3.16-main 4.15.13-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable