CVE-2023-34966
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Jul 20, 2023
Updated: Jun 25, 2024
CWE ID 835
Summary
A denial-of-service vulnerability was discovered in Samba's mdssvc RPC service for Spotlight. The issue lies within the sl_unpack_loop() function, which fails to validate the count of elements in an array-like structure while parsing network packets. By setting the count value to 0, an attacker can trigger an infinite loop, causing the function to consume 100% CPU and resulting in a denial-of-service condition.
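The bug class in the summary (CWE-835, a loop whose progress depends on an unvalidated count), shown as an added example that is not Samba's code: the element layout, function names and sample buffers are constructed for illustration. The step budget in the unchecked parser is an assumption added only so the demonstration terminates.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed layout, NOT Samba's wire format: each element begins with a
 * 1-byte type and a 1-byte count; it occupies count * UNIT bytes in total. */
#define UNIT 8
enum { PARSE_OK = 0, PARSE_BAD_COUNT = -1, PARSE_STALLED = -2 };

/* Constructed samples: two well-formed elements, and one with count == 0. */
static const uint8_t sample_good[16] = { [0] = 1, [1] = 1, [8] = 2, [9] = 1 };
static const uint8_t sample_zero[16] = { [0] = 1, [1] = 1, [8] = 2, [9] = 0 };

/* Flawed pattern: the count is trusted. max_steps is a demo-only budget so
 * the stall is reported instead of spinning forever. */
static int unpack_unchecked(const uint8_t *buf, size_t len, size_t max_steps)
{
    size_t off = 0, steps = 0;
    while (off + 2 <= len) {
        if (steps++ >= max_steps)
            return PARSE_STALLED;
        off += (size_t)buf[off + 1] * UNIT; /* count 0: off never advances */
    }
    return PARSE_OK;
}

/* Hardened pattern: every iteration must consume at least one unit and
 * must stay inside the buffer, so the loop is bounded by len / UNIT. */
static int unpack_checked(const uint8_t *buf, size_t len, size_t *elems)
{
    size_t off = 0;
    *elems = 0;
    while (off < len) {
        if (len - off < 2)
            return PARSE_BAD_COUNT;
        size_t size = (size_t)buf[off + 1] * UNIT;
        if (size == 0 || size > len - off)
            return PARSE_BAD_COUNT;
        off += size;
        (*elems)++;
    }
    return PARSE_OK;
}

int main(void)
{
    size_t n;
    printf("unchecked, count=0: %d\n", unpack_unchecked(sample_zero, 16, 1000));
    printf("checked,   count=0: %d\n", unpack_checked(sample_zero, 16, &n));
}
```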