Search for vulnerabilities
Vulnerability details: VCID-1bz1-zsuc-ekdg
Vulnerability ID VCID-1bz1-zsuc-ekdg
Aliases CVE-2023-34967
Summary A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34967.json
epss 0.15937 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.15937 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.15937 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.15937 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.15937 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.15937 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
epss 0.18572 https://api.first.org/data/v1/epss?cve=CVE-2023-34967
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-34967
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34967.json
https://access.redhat.com/security/cve/CVE-2023-34967
https://api.first.org/data/v1/epss?cve=CVE-2023-34967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4091
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/
https://security.netapp.com/advisory/ntap-20230731-0010/
https://www.debian.org/security/2023/dsa-5477
https://www.samba.org/samba/security/CVE-2023-34967.html
2222794 https://bugzilla.redhat.com/show_bug.cgi?id=2222794
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
CVE-2023-34967 https://nvd.nist.gov/vuln/detail/CVE-2023-34967
RHSA-2023:6667 https://access.redhat.com/errata/RHSA-2023:6667
RHSA-2023:7139 https://access.redhat.com/errata/RHSA-2023:7139
RHSA-2024:0423 https://access.redhat.com/errata/RHSA-2024:0423
RHSA-2024:0580 https://access.redhat.com/errata/RHSA-2024:0580
USN-6238-1 https://usn.ubuntu.com/6238-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34967.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2023-34967
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.94519
EPSS Score 0.15937
Published At Sept. 13, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:37:47.084528+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6238-1/ 37.0.0