CVE-2023-34966

HIGH

Samba < 4.16.11 - Infinite Loop

Description

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.

Scores

CVSS v3 7.5
EPSS 0.1356
EPSS Percentile 94.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE CWE-835
Status published
Products (7)
debian/debian_linux 11.0
debian/debian_linux 12.0
fedoraproject/fedora 37
fedoraproject/fedora 38
redhat/enterprise_linux 8.0
redhat/enterprise_linux 9.0
samba/samba < 4.16.11
Published Jul 20, 2023
Tracked Since Feb 18, 2026