An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
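The bug class described above, shown as an added example that is not Samba's code: a loop that advances by a count read from the packet makes no progress when that count is 0, and the validating path rejects it. The wire format, the names (`unpack_loop`, `validate_count`, the `PARSE_*` codes) and the sample buffers are constructed for illustration; `MAX_STEPS` exists only so the unchecked path terminates in this demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UNIT 8            /* constructed format: records are built from 8-byte units */
#define MAX_STEPS 1000    /* demo-only budget so the unchecked variant terminates here */

enum { PARSE_BAD_COUNT = -1, PARSE_TRUNCATED = -2, PARSE_STALLED = -3 };

/* Each record starts with a header unit: byte 0 = type, byte 1 = number of
 * units the record spans, header included (assumed layout, not Samba's).
 * Returns the number of records parsed, or a negative PARSE_* code. */
static int unpack_loop(const uint8_t *buf, size_t len, int validate_count)
{
    size_t off = 0;
    int records = 0, steps = 0;

    while (off < len) {
        if (++steps > MAX_STEPS)
            return PARSE_STALLED;       /* without the budget this spins forever */
        if (len - off < UNIT)
            return PARSE_TRUNCATED;     /* no room left for a header unit */

        size_t count = buf[off + 1];    /* attacker-controlled field */
        if (validate_count) {
            if (count == 0)
                return PARSE_BAD_COUNT; /* zero count means no forward progress */
            if (count > (len - off) / UNIT)
                return PARSE_TRUNCATED; /* record claims more data than received */
        }
        off += count * UNIT;            /* count == 0 leaves off unchanged */
        records++;
    }
    return records;
}

/* Constructed samples: two well-formed records, and one header with count 0. */
static const uint8_t sample_ok[24]  = { [0] = 1, [1] = 2, [16] = 2, [17] = 1 };
static const uint8_t sample_zero[8] = { [0] = 1, [1] = 0 };

int main(void)
{
    printf("ok, validated:     %d\n", unpack_loop(sample_ok, sizeof sample_ok, 1));
    printf("zero, validated:   %d\n", unpack_loop(sample_zero, sizeof sample_zero, 1));
    printf("zero, unvalidated: %d\n", unpack_loop(sample_zero, sizeof sample_zero, 0));
    return 0;
}
```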
Name | Vendor | Start Version | End Version |
---|---|---|---|
Samba | Samba | * | 4.16.11 (excluding) |
Samba | Samba | 4.17.0 (including) | 4.17.10 (excluding) |
Samba | Samba | 4.18.0 (including) | 4.18.5 (excluding) |
Red Hat Enterprise Linux 8 | RedHat | samba-0:4.18.6-1.el8 | * |
Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | samba-0:4.15.5-15.el8_6 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | samba-0:4.17.5-5.el8_8 | * |
Red Hat Enterprise Linux 9 | RedHat | samba-0:4.18.6-100.el9 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | samba-0:4.17.5-105.el9_2 | * |
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | RedHat | samba-0:4.15.5-15.el8_6 | * |
Samba | Ubuntu | bionic | * |
Samba | Ubuntu | devel | * |
Samba | Ubuntu | focal | * |
Samba | Ubuntu | jammy | * |
Samba | Ubuntu | kinetic | * |
Samba | Ubuntu | lunar | * |
Samba | Ubuntu | mantic | * |
Samba | Ubuntu | noble | * |
Samba | Ubuntu | oracular | * |
Samba | Ubuntu | trusty | * |
Samba | Ubuntu | xenial | * |