CVE-2023-34966

Summary

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 80:4.18.6-1.el8 < *unaffected
Red HatRed Hat Enterprise Linux 80:4.18.6-1.el8 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support0:4.15.5-15.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support0:4.17.5-5.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 90:4.18.6-100.el9 < *unaffected
Red HatRed Hat Enterprise Linux 90:4.18.6-100.el9 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support0:4.17.5-105.el9_2 < *unaffected
Red HatRed Hat Virtualization 4 for Red Hat Enterprise Linux 80:4.15.5-15.el8_6 < *unaffected

Weaknesses

  • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

Workarounds

As a possible workaround, disable Spotlight by removing all configuration stanzas ("spotlight=yes|true") that enable Spotlight .

ADP Enrichment

CVE Program Container

Additional References

References