CVE-2023-34967

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

History

16 Sep 2024, 13:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.netapp.com/advisory/ntap-20230731-0010/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://www.debian.org/security/2023/dsa-5477', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}

30 Jan 2024, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0580 -

25 Jan 2024, 20:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0423 -

27 Dec 2023, 22:06

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
References
  • () https://access.redhat.com/errata/RHSA-2023:7139 - Third Party Advisory
  • () https://access.redhat.com/errata/RHSA-2023:6667 - Third Party Advisory
References (MISC) https://www.debian.org/security/2023/dsa-5477 - (MISC) https://www.debian.org/security/2023/dsa-5477 - Third Party Advisory
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/ - Mailing List
References (MISC) https://security.netapp.com/advisory/ntap-20230731-0010/ - (MISC) https://security.netapp.com/advisory/ntap-20230731-0010/ - Third Party Advisory

15 Aug 2023, 04:15

Type Values Removed Values Added
References
  • (MISC) https://www.debian.org/security/2023/dsa-5477 -

05 Aug 2023, 03:15

Type Values Removed Values Added
References
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/ -

31 Jul 2023, 19:15

Type Values Removed Values Added
CWE CWE-843
References
  • (MISC) https://security.netapp.com/advisory/ntap-20230731-0010/ -
References (MISC) https://www.samba.org/samba/security/CVE-2023-34967.html - (MISC) https://www.samba.org/samba/security/CVE-2023-34967.html - Vendor Advisory
References (MISC) https://access.redhat.com/security/cve/CVE-2023-34967 - (MISC) https://access.redhat.com/security/cve/CVE-2023-34967 - Third Party Advisory
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/ - Mailing List
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2222794 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2222794 - Issue Tracking
CPE cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3

22 Jul 2023, 03:15

Type Values Removed Values Added
References
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/ -

20 Jul 2023, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-20 15:15

Updated : 2024-09-16 13:15


NVD link : CVE-2023-34967

Mitre link : CVE-2023-34967

CVE.ORG link : CVE-2023-34967


JSON object : View

Products Affected

debian

  • debian_linux

samba

  • samba

fedoraproject

  • fedora

redhat

  • enterprise_linux
CWE
CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')