CVE-2023-34966: high-severity vulnerability in Samba


Samba, a popular freeware implementation of the Server Message Block (SMB) protocol, has released software updates to address multiple security vulnerabilities. If successfully exploited, these vulnerabilities could allow remote attackers to crash the system on affected installations.

The most serious vulnerability, CVE-2023-34966 (CVSS score of 7.5), is an infinite loop vulnerability in Samba’s mdssvc RPC service for Spotlight. This vulnerability affects all versions of Samba prior to 4.18.5, 4.17.10, and 4.16.11.
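
The fixed releases above are per branch, so a plain "is it newer than 4.16.11" comparison gets 4.17.9 wrong. The following check is an added example, not code from the Samba project; the function names and sample version strings are constructed for illustration, and it assumes input shaped like the output of `smbd --version` and that branches newer than 4.18 already carry the fix.

```python
import re

# Fixed release per maintained branch, taken from the text above:
# 4.18.5, 4.17.10 and 4.16.11.
FIXED_PATCH = {(4, 18): 5, (4, 17): 10, (4, 16): 11}


def parse_version(text):
    """Extract (major, minor, patch) from a string such as 'Version 4.17.9-Debian'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version_text):
    """Return True if the upstream version predates the fix for CVE-2023-34966.

    Distribution packages may backport the patch without changing the
    upstream version number, so a True result on a vendor build should be
    confirmed against the vendor's own advisory.
    """
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        # Compare only within the same branch: 4.17.9 is still affected
        # even though it sorts after 4.16.11.
        return patch < FIXED_PATCH[branch]
    # Branches older than 4.16 have no fixed release in the list above.
    # Assumption: branches newer than 4.18 already include the fix.
    return branch < min(FIXED_PATCH)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real hosts.
    samples = [
        "Version 4.18.4",
        "Version 4.17.9-Debian",
        "Version 4.16.11",
        "Version 4.15.13-Ubuntu",
    ]
    for sample in samples:
        state = "affected" if is_affected(sample) else "not affected"
        print(f"{sample}: {state}")
```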
