CVE-2023-34967Type Confusion in Samba

CWE-843Type Confusion8 documents7 sources
Severity
5.3MEDIUMNVD
EPSS
21.2%
top 4.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
SambaDebian LinuxFedoraproject Fedora+1 more
Timeline
PublishedJul 20

Description

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDsamba/samba4.17.04.17.10+2
Debiansamba/samba< 2:4.13.13+dfsg-1~deb11u6+3

Also affects: Debian Linux 11.0, 12.0, Fedora 37, 38, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

4
CVEList
Samba: type confusion in mdssvc rpc service for spotlight2023-07-20
OSV
CVE-2023-34967: A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight2023-07-20
GHSA
GHSA-86p4-vhr6-2vv3: A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight2023-07-20
OSV
samba vulnerabilities2023-07-19

📋Vendor Advisories

3
Ubuntu
Samba vulnerabilities2023-07-19
Red Hat
samba: type confusion in mdssvc RPC service for spotlight2023-07-19
Debian
CVE-2023-34967: samba - A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotl...2023