A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.
Published 2023-07-20 15:15:11
Updated 2024-01-30 16:15:46
Source Red Hat, Inc.
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2023-34967

4.05%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-34967

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.3
MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.9
1.4
NIST
5.3
MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.9
1.4
Red Hat, Inc.

CWE ids for CVE-2023-34967

References for CVE-2023-34967

Products affected by CVE-2023-34967

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!