CVE-2023-34966 — Infinite Loop in Samba

CWE-835 — Infinite Loop12 documents7 sources

Severity

7.5HIGHNVD

OSV6.5OSV5.9

EPSS

15.9%

top 5.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedJul 20

Latest updateJun 30

Description

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loo…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDsamba/samba4.17.0 — 4.17.10+2

▶Debiansamba/samba< 2:4.13.13+dfsg-1~deb11u6+3

▶Ubuntusamba/samba< 2:4.15.13+dfsg-0ubuntu0.20.04.3+7

Also affects: Debian Linux 11.0, 12.0, Fedora 37, 38, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

OSV

samba regression↗2025-06-30

▶

OSV

samba vulnerabilities↗2025-06-19

▶

CVEList

Samba: infinite loop in mdssvc rpc service for spotlight↗2023-07-20

▶

GHSA

GHSA-45c7-642q-qm9m: An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight↗2023-07-20

▶

OSV

CVE-2023-34966: An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight↗2023-07-20

▶

📋Vendor Advisories

Ubuntu

Samba regression↗2025-06-30

▶

Ubuntu

Samba vulnerabilities↗2025-06-19

▶

Ubuntu

Samba vulnerabilities↗2023-07-19

▶

Red Hat

samba: infinite loop in mdssvc RPC service for spotlight↗2023-07-19

▶

Debian

CVE-2023-34966: samba - An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotl...↗2023

▶