A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.
Metrics
Affected Vendors & Products
References
History
Mon, 16 Sep 2024 13:30:00 +0000
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-07-20T14:57:45.624Z
Updated: 2024-09-16T12:14:52.690Z
Reserved: 2023-06-07T21:11:04.261Z
Link: CVE-2023-34967
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-07-20T15:15:11.410
Modified: 2024-09-16T13:15:04.940
Link: CVE-2023-34967
Redhat