Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-34966
Summary
An infinite loop vulnerability was found in Samba's "mdssvc" RPC service for Spotlight, affecting Samba versions through 4.16.10, 4.17.0rc1 through 4.17.9, and 4.18.0rc1 through 4.18.4. When parsing Spotlight "mdssvc" RPC packets sent by the client, the core unmarshalling function "sl_unpack_loop()" did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing "0" as the count value, the attacked function runs in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request that triggers the infinite loop, resulting in a Denial-of-Service (DoS) condition.
CVSS v3.1 Metrics
- Attack Complexity: LOW
- Attack Vector: NETWORK
- Privileges Required: NONE
- Scope: UNCHANGED
- User Interaction: NONE
- Confidentiality: NONE
- Integrity: NONE
- Availability: HIGH
CWE-835 - Loop with Unreachable Exit Condition
Loops with multiple exits and flags detract from the quality of an application. They tend to make control structures difficult to understand, and they introduce the risk of non-termination and other structural problems. A loop whose exit condition can never be satisfied lets an attacker who controls the loop's inputs keep it running indefinitely, leading to denial of service.
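The following is an added example, not Samba's code, illustrating the bug class described in the summary and in the CWE-835 text above. It models a minimal array-of-sub-arrays unpacker with a hypothetical wire format (constructed here; it is not the real Spotlight "mdssvc" encoding): a `total` count, followed by sub-arrays that each carry a `length` and a `subcount`. In the vulnerable shape of the loop, both the offset advance and the countdown come straight from the packet, so a sub-array declaring zero length and zero elements makes no progress and the loop never exits; the `budget` parameter is instrumentation added only so the demo terminates. The hardened variant rejects a zero count, checks the declared length against the contents, and additionally asserts forward progress on every iteration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Return codes: a non-negative value is the sum of all leaf values parsed;
 * negative values are errors. */
#define UNPACK_MALFORMED (-1LL)
#define UNPACK_STUCK     (-2LL)

/* Bounds-checked read of a host-order u32 at `off`. */
static int read_u32(const uint8_t *buf, size_t bufsize, size_t off, uint32_t *out)
{
    if (off > bufsize || bufsize - off < 4) return 0;
    memcpy(out, buf + off, sizeof(*out));
    return 1;
}

/* Vulnerable loop shape (hypothetical model of the CWE-835 pattern):
 * `off += length` and `remaining -= subcount` are both attacker-controlled,
 * so length == 0 && subcount == 0 leaves the loop condition true forever.
 * `budget` exists only to make this demo return; real code has no cap. */
long long unpack_vulnerable(const uint8_t *buf, size_t bufsize, unsigned budget)
{
    uint32_t remaining, length, subcount, v, sum = 0;
    size_t off = 0;

    if (!read_u32(buf, bufsize, off, &remaining)) return UNPACK_MALFORMED;
    off += 4;

    while (remaining > 0 && off + 8 <= bufsize) {
        if (budget-- == 0) return UNPACK_STUCK;   /* demo instrumentation */
        read_u32(buf, bufsize, off, &length);      /* bytes in sub-array, header included */
        read_u32(buf, bufsize, off + 4, &subcount);
        for (uint32_t i = 0; i < subcount; i++) {
            if (!read_u32(buf, bufsize, off + 8 + (size_t)i * 4, &v)) return UNPACK_MALFORMED;
            sum += v;
        }
        off += length;          /* zero => no progress in the buffer   */
        remaining -= subcount;  /* zero => no progress in the countdown */
    }
    return (long long)sum;
}

/* Hardened variant: every sub-array must contain at least one element, must
 * not claim more than are still expected, and must declare a length that
 * matches its contents and fits in the buffer. */
long long unpack_hardened(const uint8_t *buf, size_t bufsize)
{
    uint32_t remaining, length, subcount, v, sum = 0;
    size_t off = 0;

    if (!read_u32(buf, bufsize, off, &remaining)) return UNPACK_MALFORMED;
    off += 4;

    while (remaining > 0) {
        size_t start = off;
        if (!read_u32(buf, bufsize, off, &length) ||
            !read_u32(buf, bufsize, off + 4, &subcount))
            return UNPACK_MALFORMED;

        if (subcount == 0 || subcount > remaining) return UNPACK_MALFORMED;
        if (subcount > (UINT32_MAX - 8) / 4) return UNPACK_MALFORMED;  /* overflow guard */
        if (length != 8 + subcount * 4) return UNPACK_MALFORMED;
        if (length > bufsize - off) return UNPACK_MALFORMED;

        for (uint32_t i = 0; i < subcount; i++) {
            read_u32(buf, bufsize, off + 8 + (size_t)i * 4, &v);
            sum += v;
        }
        off += length;
        remaining -= subcount;

        /* Generic termination guard: an iteration that consumed nothing is a bug. */
        if (off <= start) return UNPACK_STUCK;
    }
    return (long long)sum;
}

/* Constructed sample packets in host byte order (not real captures). */
const uint32_t good_words[] = {
    3,                     /* total leaf elements expected            */
    8 + 2 * 4, 2, 10, 20,  /* sub-array 1: 16 bytes, two values       */
    8 + 1 * 4, 1, 12,      /* sub-array 2: 12 bytes, one value        */
};
const uint32_t bad_words[] = {
    1,                     /* expects one leaf element ...            */
    0, 0,                  /* ... but the sub-array is 0 bytes, 0 items */
};

int main(void)
{
    long long r;
    r = unpack_vulnerable((const uint8_t *)good_words, sizeof(good_words), 1000);
    printf("vulnerable, well-formed packet: %lld\n", r);
    r = unpack_vulnerable((const uint8_t *)bad_words, sizeof(bad_words), 1000);
    printf("vulnerable, zero-count packet: %lld (stuck, budget exhausted)\n", r);
    r = unpack_hardened((const uint8_t *)good_words, sizeof(good_words));
    printf("hardened, well-formed packet: %lld\n", r);
    r = unpack_hardened((const uint8_t *)bad_words, sizeof(bad_words));
    printf("hardened, zero-count packet: %lld (rejected)\n", r);
    return 0;
}
```

The point to carry over to real parsers is that a loop driven by untrusted counts needs two independent guarantees: the count must be validated (here, non-zero and no larger than what remains), and each iteration must provably consume input, so that even a missed validation cannot turn into a CPU-exhausting spin.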
Advisory Timeline
- Published