Is CVE-2023-34966 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 62%.

What products does CVE-2023-34966 affect?

Tracked products affected include Samba. Check the version you run to see whether it is affected.

How do I fix CVE-2023-34966?

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

CVE-2023-34966

Q: What is CVE-2023-34966?

CVE-2023-34966 is a high-severity software vulnerability (CWE-835) with a CVSS score of 7.5. An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network pac

HIGH severity · CVSS 7.5 · CWE-835

7.5CVSS HIGH

Summary

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactNone

Integrity impactNone

Availability impactHigh

Exploit probability (EPSS)62%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products we track (1)

Samba

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

CVE-2023-34966

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information