Back to bug 2222793
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| TEJ RATHI | 2023-07-13 18:08:13 UTC | CC | security-response-team | |
| TEJ RATHI | 2023-07-13 18:11:37 UTC | CC | abokovoy, anoopcs, asn, dkarpele, nobody, pfilipen, sbose | |
| TEJ RATHI | 2023-07-13 18:13:19 UTC | Blocks | 2216374 | |
| TEJ RATHI | 2023-07-14 11:38:32 UTC | Severity | high | medium |
| | | Priority | high | medium |
| TEJ RATHI | 2023-07-14 11:42:34 UTC | Depends On | 2222896, 2222894, 2222895 | |
| TEJ RATHI | 2023-07-17 14:35:11 UTC | Deadline | 2023-07-19 | |
| TEJ RATHI | 2023-07-19 14:52:32 UTC | Fixed In Version | samba 4.16.11, samba 4.17.10, samba 4.18.5 | |
| TEJ RATHI | 2023-07-20 04:50:44 UTC | Doc Text | An infinite loop vulnerability was discovered in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This vulnerability can be exploited by an attacker by issuing a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. | |
| TEJ RATHI | 2023-07-20 09:25:10 UTC | Summary | EMBARGOED CVE-2023-34966 samba: infinite loop in mdssvc RPC service for spotlight | CVE-2023-34966 samba: infinite loop in mdssvc RPC service for spotlight |
| | | CC | rhs-smb | |
| | | Group | qe_staff, security | |
| | | Deadline | 2023-07-19 | |
| TEJ RATHI | 2023-07-20 09:33:07 UTC | Depends On | 2224253 | |
| RaTasha Tillery-Smith | 2023-07-20 13:38:48 UTC | Doc Text | An infinite loop vulnerability was discovered in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This vulnerability can be exploited by an attacker by issuing a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. | An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. |