Vulnerability-Lookup

CVE-2023-34967 (GCVE-0-2023-34967)

Vulnerability from cvelistv5 – Published: 2023-07-20 14:57 – Updated: 2025-11-20 17:29

Title

Samba: type confusion in mdssvc rpc service for spotlight

Summary

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Assigner

redhat

References

11 references

URL	Tags
https://access.redhat.com/errata/RHSA-2023:6667	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7139	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0423	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0580	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-34967	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2222794	issue-trackingx_refsource_REDHAT
https://www.samba.org/samba/security/CVE-2023-349…
https://lists.fedoraproject.org/archives/list/pac…	x_transferred
https://lists.fedoraproject.org/archives/list/pac…	x_transferred
https://security.netapp.com/advisory/ntap-2023073…	x_transferred
https://www.debian.org/security/2023/dsa-5477	x_transferred

Impacted products

8 products

Vendor	Product	Version
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:4.18.6-1.el8 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	Unaffected: 0:4.15.5-15.el8_6 , < * (rpm) cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/o:redhat:rhev_hypervisor:4.4::el8 cpe:/a:redhat:rhel_eus:8.6::crb cpe:/a:redhat:rhel_eus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:4.17.5-5.el8_8 , < * (rpm) cpe:/a:redhat:rhel_eus:8.8::appstream cpe:/o:redhat:rhel_eus:8.8::baseos cpe:/a:redhat:rhel_eus:8.8::crb
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:4.18.6-100.el9 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::resilientstorage cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::crb
Red Hat	Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	Unaffected: 0:4.15.5-15.el8_6 , < * (rpm) cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/o:redhat:rhev_hypervisor:4.4::el8 cpe:/a:redhat:rhel_eus:8.6::crb cpe:/a:redhat:rhel_eus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Storage 3	cpe:/a:redhat:storage:3

Date Public

2023-07-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:17:04.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:6667",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:6667"
          },
          {
            "name": "RHSA-2023:7139",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7139"
          },
          {
            "name": "RHSA-2024:0423",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0423"
          },
          {
            "name": "RHSA-2024:0580",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0580"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-34967"
          },
          {
            "name": "RHBZ#2222794",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222794"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230731-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5477"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2023-34967.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-1.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-1.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/a:redhat:rhel_eus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.5-15.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::appstream",
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.17.5-5.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::resilientstorage",
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-100.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::resilientstorage",
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.6-100.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/a:redhat:rhel_eus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "samba",
          "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.15.5-15.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba4",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:storage:3"
          ],
          "defaultStatus": "unknown",
          "packageName": "samba",
          "product": "Red Hat Storage 3",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-07-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Type Confusion vulnerability was found in Samba\u0027s mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-843",
              "description": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T17:29:02.200Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:6667",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:6667"
        },
        {
          "name": "RHSA-2023:7139",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7139"
        },
        {
          "name": "RHSA-2024:0423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0423"
        },
        {
          "name": "RHSA-2024:0580",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0580"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-34967"
        },
        {
          "name": "RHBZ#2222794",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222794"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2023-34967.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-07-13T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-07-19T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Samba: type confusion in mdssvc rpc service for spotlight",
      "workarounds": [
        {
          "lang": "en",
          "value": "As a possible workaround, disable Spotlight by removing all configuration stanzas (\"spotlight=yes|true\") that enable Spotlight ."
        }
      ],
      "x_redhatCweChain": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-34967",
    "datePublished": "2023-07-20T14:57:45.624Z",
    "dateReserved": "2023-06-07T21:11:04.261Z",
    "dateUpdated": "2025-11-20T17:29:02.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-34967",
      "date": "2026-06-12",
      "epss": "0.19204",
      "percentile": "0.95517"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.16.11\", \"matchCriteriaId\": \"7744EB5C-BA2E-4B42-9C28-DD0D4C234C3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.17.0\", \"versionEndExcluding\": \"4.17.10\", \"matchCriteriaId\": \"96A197EF-100E-4683-AA59-E0855CBCE38B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.18.0\", \"versionEndExcluding\": \"4.18.5\", \"matchCriteriaId\": \"55333C2A-E0E6-40A7-B655-93F05D6745AD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A Type Confusion vulnerability was found in Samba\u0027s mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.\"}]",
      "id": "CVE-2023-34967",
      "lastModified": "2024-11-21T08:07:44.293",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2023-07-20T15:15:11.410",
      "references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2023:6667\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7139\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0423\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0580\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-34967\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2222794\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.samba.org/samba/security/CVE-2023-34967.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:6667\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7139\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0423\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0580\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-34967\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2222794\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230731-0010/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5477\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.samba.org/samba/security/CVE-2023-34967.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-843\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-843\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-34967\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2023-07-20T15:15:11.410\",\"lastModified\":\"2024-11-21T08:07:44.293\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Type Confusion vulnerability was found in Samba\u0027s mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.16.11\",\"matchCriteriaId\":\"7744EB5C-BA2E-4B42-9C28-DD0D4C234C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.17.0\",\"versionEndExcluding\":\"4.17.10\",\"matchCriteriaId\":\"96A197EF-100E-4683-AA59-E0855CBCE38B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.18.0\",\"versionEndExcluding\":\"4.18.5\",\"matchCriteriaId\":\"55333C2A-E0E6-40A7-B655-93F05D6745AD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6667\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7139\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0423\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0580\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-34967\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2222794\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.samba.org/samba/security/CVE-2023-34967.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6667\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7139\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0580\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-34967\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2222794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230731-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5477\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.samba.org/samba/security/CVE-2023-34967.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

WID-SEC-W-2023-1842

Vulnerability from csaf_certbund - Published: 2023-07-19 22:00 - Updated: 2025-06-19 22:00

Summary

Samba: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Samba ist eine Open Source Software Suite, die Druck- und Dateidienste für SMB/CIFS Clients implementiert. Ubuntu Linux ist die Linux Distribution des Herstellers Canonical.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Samba ausnutzen, um einen Denial of Service Angriff durchzuführen, Daten zu manipulieren und Informationen offenzulegen.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2022-2127

Affected products

Known affected 21 products

Product	Identifier	Version
Ubuntu Linux 22.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:22.04`	22.04
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
HPE HP-UX (CIFS) Client/Server <B.04.18.01.00 HPE / HP-UX		(CIFS) Client/Server <B.04.18.01.00
IBM QRadar SIEM <7.5.0 UP8 IBM / QRadar SIEM		<7.5.0 UP8
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Ubuntu Linux 20.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:20.04`	20.04
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Ubuntu Linux 23.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:23.04`	23.04
Avaya CMS <1R20.0.1.0 Avaya / CMS		<1R20.0.1.0
Avaya Aura Application Enablement Services <10.1 SSP17 Avaya / Aura Application Enablement Services		<10.1 SSP17
Open Source Samba <4.17.10 Open Source / Samba		<4.17.10
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux 22.10 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:22.10`	22.1
Open Source Samba <4.18.5 Open Source / Samba		<4.18.5
Ubuntu Linux Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Samba <4.16.11 Open Source / Samba		<4.16.11
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Avaya Aura Experience Portal 8.x Avaya / Aura Experience Portal	`cpe:/a:avaya:aura_experience_portal:8.x`	8.x

CVE-2023-34966

Affected products

Known affected 21 products

Product	Identifier	Version
Ubuntu Linux 22.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:22.04`	22.04
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
HPE HP-UX (CIFS) Client/Server <B.04.18.01.00 HPE / HP-UX		(CIFS) Client/Server <B.04.18.01.00
IBM QRadar SIEM <7.5.0 UP8 IBM / QRadar SIEM		<7.5.0 UP8
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Ubuntu Linux 20.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:20.04`	20.04
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Ubuntu Linux 23.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:23.04`	23.04
Avaya CMS <1R20.0.1.0 Avaya / CMS		<1R20.0.1.0
Avaya Aura Application Enablement Services <10.1 SSP17 Avaya / Aura Application Enablement Services		<10.1 SSP17
Open Source Samba <4.17.10 Open Source / Samba		<4.17.10
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux 22.10 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:22.10`	22.1
Open Source Samba <4.18.5 Open Source / Samba		<4.18.5
Ubuntu Linux Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Samba <4.16.11 Open Source / Samba		<4.16.11
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Avaya Aura Experience Portal 8.x Avaya / Aura Experience Portal	`cpe:/a:avaya:aura_experience_portal:8.x`	8.x

CVE-2023-34967

Affected products

Known affected 21 products

Product	Identifier	Version
Ubuntu Linux 22.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:22.04`	22.04
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
HPE HP-UX (CIFS) Client/Server <B.04.18.01.00 HPE / HP-UX		(CIFS) Client/Server <B.04.18.01.00
IBM QRadar SIEM <7.5.0 UP8 IBM / QRadar SIEM		<7.5.0 UP8
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Ubuntu Linux 20.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:20.04`	20.04
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Ubuntu Linux 23.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:23.04`	23.04
Avaya CMS <1R20.0.1.0 Avaya / CMS		<1R20.0.1.0
Avaya Aura Application Enablement Services <10.1 SSP17 Avaya / Aura Application Enablement Services		<10.1 SSP17
Open Source Samba <4.17.10 Open Source / Samba		<4.17.10
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux 22.10 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:22.10`	22.1
Open Source Samba <4.18.5 Open Source / Samba		<4.18.5
Ubuntu Linux Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Samba <4.16.11 Open Source / Samba		<4.16.11
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Avaya Aura Experience Portal 8.x Avaya / Aura Experience Portal	`cpe:/a:avaya:aura_experience_portal:8.x`	8.x

CVE-2023-34968

Affected products

Known affected 19 products

Product	Identifier	Version
Ubuntu Linux 22.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:22.04`	22.04
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
HPE HP-UX (CIFS) Client/Server <B.04.18.01.00 HPE / HP-UX		(CIFS) Client/Server <B.04.18.01.00
IBM QRadar SIEM <7.5.0 UP8 IBM / QRadar SIEM		<7.5.0 UP8
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Ubuntu Linux 20.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:20.04`	20.04
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Ubuntu Linux 23.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:23.04`	23.04
Avaya CMS <1R20.0.1.0 Avaya / CMS		<1R20.0.1.0
Avaya Aura Application Enablement Services <10.1 SSP17 Avaya / Aura Application Enablement Services		<10.1 SSP17
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux 22.10 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:22.10`	22.1
Ubuntu Linux Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Samba <4.16.11 Open Source / Samba		<4.16.11
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Avaya Aura Experience Portal 8.x Avaya / Aura Experience Portal	`cpe:/a:avaya:aura_experience_portal:8.x`	8.x

CVE-2023-3347

Affected products

Known affected 21 products

Product	Identifier	Version
Ubuntu Linux 22.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:22.04`	22.04
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
HPE HP-UX (CIFS) Client/Server <B.04.18.01.00 HPE / HP-UX		(CIFS) Client/Server <B.04.18.01.00
IBM QRadar SIEM <7.5.0 UP8 IBM / QRadar SIEM		<7.5.0 UP8
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Ubuntu Linux 20.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:20.04`	20.04
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Ubuntu Linux 23.04 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:23.04`	23.04
Avaya CMS <1R20.0.1.0 Avaya / CMS		<1R20.0.1.0
Avaya Aura Application Enablement Services <10.1 SSP17 Avaya / Aura Application Enablement Services		<10.1 SSP17
Open Source Samba <4.17.10 Open Source / Samba		<4.17.10
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux 22.10 Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:22.10`	22.1
Open Source Samba <4.18.5 Open Source / Samba		<4.18.5
Ubuntu Linux Ubuntu / Linux	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Samba <4.16.11 Open Source / Samba		<4.16.11
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Avaya Aura Experience Portal 8.x Avaya / Aura Experience Portal	`cpe:/a:avaya:aura_experience_portal:8.x`	8.x

References

34 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.samba.org/samba/history/samba-4.16.11.html	external
https://ubuntu.com/security/notices/USN-6238-1	external
https://www.samba.org/samba/security/CVE-2023-3347.html	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2023:4328	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2023:4325	external
https://linux.oracle.com/errata/ELSA-2023-4325.html	external
https://oss.oracle.com/pipermail/el-errata/2023-A…	external
https://lists.debian.org/debian-security-announce…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2023:6667	external
https://access.redhat.com/errata/RHSA-2023:7139	external
https://linux.oracle.com/errata/ELSA-2023-7139.html	external
https://alas.aws.amazon.com/AL2/ALAS-2023-2367.html	external
https://www.cybersecurity-help.cz/vdb/SB2023120539	external
https://access.redhat.com/errata/RHSA-2024:0423	external
https://access.redhat.com/errata/RHSA-2024:0580	external
https://security.gentoo.org/glsa/202402-28	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.debian.org/debian-security-announce…	external
https://www.ibm.com/support/pages/node/7145367	external
https://www.ibm.com/support/pages/node/7148094	external
https://lists.debian.org/debian-lts-announce/2024…	external
https://access.redhat.com/errata/RHSA-2024:4101	external
https://support.avaya.com/css/public/documents/10…	external
https://support.hpe.com/hpesc/public/docDisplay?d…	external
https://ubuntu.com/security/notices/USN-7582-1	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Samba ist eine Open Source Software Suite, die Druck- und Dateidienste f\u00fcr SMB/CIFS Clients implementiert.\r\nUbuntu Linux ist die Linux Distribution des Herstellers Canonical.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Samba ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Daten zu manipulieren und Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1842 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1842.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1842 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1842"
      },
      {
        "category": "external",
        "summary": "Samba Release Notification vom 2023-07-19",
        "url": "https://www.samba.org/samba/history/samba-4.16.11.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Advisory vom 2023-07-19",
        "url": "https://ubuntu.com/security/notices/USN-6238-1"
      },
      {
        "category": "external",
        "summary": "Samba Release Notification vom 2023-07-19",
        "url": "https://www.samba.org/samba/security/CVE-2023-3347.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-A90CFE35A5 vom 2023-07-21",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-bcd91bfcd3"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-76C06C8576 vom 2023-07-21",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-76c06c8576"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:3017-1 vom 2023-07-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015694.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4328 vom 2023-07-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4328"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:3060-1 vom 2023-07-31",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015703.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:3066-1 vom 2023-07-31",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015711.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4325 vom 2023-07-31",
        "url": "https://access.redhat.com/errata/RHSA-2023:4325"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-4325 vom 2023-08-02",
        "url": "https://linux.oracle.com/errata/ELSA-2023-4325.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-4328 vom 2023-08-10",
        "url": "https://oss.oracle.com/pipermail/el-errata/2023-August/014371.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5477 vom 2023-08-14",
        "url": "https://lists.debian.org/debian-security-announce/2023/msg00169.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:3358-1 vom 2023-08-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015957.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:6667 vom 2023-11-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:6667"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7139 vom 2023-11-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:7139"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-7139 vom 2023-11-21",
        "url": "https://linux.oracle.com/errata/ELSA-2023-7139.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-2367 vom 2023-12-05",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2367.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1896 vom 2023-12-05",
        "url": "https://www.cybersecurity-help.cz/vdb/SB2023120539"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0423 vom 2024-01-25",
        "url": "https://access.redhat.com/errata/RHSA-2024:0423"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0580 vom 2024-01-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:0580"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202402-28 vom 2024-02-19",
        "url": "https://security.gentoo.org/glsa/202402-28"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2929-1 vom 2024-02-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018041.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2930-1 vom 2024-02-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018042.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5647 vom 2024-03-24",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00055.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7145367 vom 2024-03-27",
        "url": "https://www.ibm.com/support/pages/node/7145367"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7148094 vom 2024-04-11",
        "url": "https://www.ibm.com/support/pages/node/7148094"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3792 vom 2024-04-22",
        "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4101 vom 2024-06-25",
        "url": "https://access.redhat.com/errata/RHSA-2024:4101"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2023-148 vom 2024-07-11",
        "url": "https://support.avaya.com/css/public/documents/101088682"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin vom 2024-10-25",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04724en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7582-1 vom 2025-06-19",
        "url": "https://ubuntu.com/security/notices/USN-7582-1"
      }
    ],
    "source_lang": "en-US",
    "title": "Samba: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-19T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-20T08:09:13.583+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2023-1842",
      "initial_release_date": "2023-07-19T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-07-19T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-07-20T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-07-30T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-07-31T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2023-08-02T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-08-10T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-08-14T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-08-20T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-11-07T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-14T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-21T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-12-04T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-12-05T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-01-25T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-01-30T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-18T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2024-02-27T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-24T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-03-27T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-04-11T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-04-22T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-06-25T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-10T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2024-10-27T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2025-06-19T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "25"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1 SSP17",
                "product": {
                  "name": "Avaya Aura Application Enablement Services \u003c10.1 SSP17",
                  "product_id": "T036085"
                }
              },
              {
                "category": "product_version",
                "name": "10.1 SSP17",
                "product": {
                  "name": "Avaya Aura Application Enablement Services 10.1 SSP17",
                  "product_id": "T036085-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:avaya:aura_application_enablement_services:10.1_ssp17"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Aura Application Enablement Services"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.x",
                "product": {
                  "name": "Avaya Aura Experience Portal 8.x",
                  "product_id": "T020120",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:avaya:aura_experience_portal:8.x"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Aura Experience Portal"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1R20.0.1.0",
                "product": {
                  "name": "Avaya CMS \u003c1R20.0.1.0",
                  "product_id": "T036084"
                }
              },
              {
                "category": "product_version",
                "name": "1R20.0.1.0",
                "product": {
                  "name": "Avaya CMS 1R20.0.1.0",
                  "product_id": "T036084-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:avaya:call_management_system_server:1r20.0.1.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "CMS"
          }
        ],
        "category": "vendor",
        "name": "Avaya"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "(CIFS) Client/Server \u003cB.04.18.01.00",
                "product": {
                  "name": "HPE HP-UX (CIFS) Client/Server \u003cB.04.18.01.00",
                  "product_id": "T038611"
                }
              },
              {
                "category": "product_version",
                "name": "(CIFS) Client/Server B.04.18.01.00",
                "product": {
                  "name": "HPE HP-UX (CIFS) Client/Server B.04.18.01.00",
                  "product_id": "T038611-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:hp:hp-ux:%28cifs%29_clientserver__b.04.18.01.00"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "HP-UX"
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.5",
                "product": {
                  "name": "IBM QRadar SIEM 7.5",
                  "product_id": "T022954",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP8",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP8",
                  "product_id": "T033681"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0 UP8",
                "product": {
                  "name": "IBM QRadar SIEM 7.5.0 UP8",
                  "product_id": "T033681-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.16.11",
                "product": {
                  "name": "Open Source Samba \u003c4.16.11",
                  "product_id": "T028812"
                }
              },
              {
                "category": "product_version",
                "name": "4.16.11",
                "product": {
                  "name": "Open Source Samba 4.16.11",
                  "product_id": "T028812-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.16.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.18.5",
                "product": {
                  "name": "Open Source Samba \u003c4.18.5",
                  "product_id": "T028816"
                }
              },
              {
                "category": "product_version",
                "name": "4.18.5",
                "product": {
                  "name": "Open Source Samba 4.18.5",
                  "product_id": "T028816-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.18.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.17.10",
                "product": {
                  "name": "Open Source Samba \u003c4.17.10",
                  "product_id": "T028817"
                }
              },
              {
                "category": "product_version",
                "name": "4.17.10",
                "product": {
                  "name": "Open Source Samba 4.17.10",
                  "product_id": "T028817-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.17.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Samba"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "20.04",
                "product": {
                  "name": "Ubuntu Linux 20.04",
                  "product_id": "1262973",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:20.04"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Ubuntu Linux",
                "product": {
                  "name": "Ubuntu Linux",
                  "product_id": "T000126",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "22.04",
                "product": {
                  "name": "Ubuntu Linux 22.04",
                  "product_id": "T023281",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:22.04"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "22.1",
                "product": {
                  "name": "Ubuntu Linux 22.10",
                  "product_id": "T026107",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:22.10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "23.04",
                "product": {
                  "name": "Ubuntu Linux 23.04",
                  "product_id": "T027609",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:23.04"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux"
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-2127",
      "product_status": {
        "known_affected": [
          "T023281",
          "67646",
          "T038611",
          "T033681",
          "T012167",
          "T004914",
          "1262973",
          "74185",
          "T022954",
          "T027609",
          "T036084",
          "T036085",
          "T028817",
          "2951",
          "T002207",
          "T026107",
          "T028816",
          "T000126",
          "T028812",
          "398363",
          "T020120"
        ]
      },
      "release_date": "2023-07-19T22:00:00.000+00:00",
      "title": "CVE-2022-2127"
    },
    {
      "cve": "CVE-2023-34966",
      "product_status": {
        "known_affected": [
          "T023281",
          "67646",
          "T038611",
          "T033681",
          "T012167",
          "T004914",
          "1262973",
          "74185",
          "T022954",
          "T027609",
          "T036084",
          "T036085",
          "T028817",
          "2951",
          "T002207",
          "T026107",
          "T028816",
          "T000126",
          "T028812",
          "398363",
          "T020120"
        ]
      },
      "release_date": "2023-07-19T22:00:00.000+00:00",
      "title": "CVE-2023-34966"
    },
    {
      "cve": "CVE-2023-34967",
      "product_status": {
        "known_affected": [
          "T023281",
          "67646",
          "T038611",
          "T033681",
          "T012167",
          "T004914",
          "1262973",
          "74185",
          "T022954",
          "T027609",
          "T036084",
          "T036085",
          "T028817",
          "2951",
          "T002207",
          "T026107",
          "T028816",
          "T000126",
          "T028812",
          "398363",
          "T020120"
        ]
      },
      "release_date": "2023-07-19T22:00:00.000+00:00",
      "title": "CVE-2023-34967"
    },
    {
      "cve": "CVE-2023-34968",
      "product_status": {
        "known_affected": [
          "T023281",
          "67646",
          "T038611",
          "T033681",
          "T012167",
          "T004914",
          "1262973",
          "74185",
          "T022954",
          "T027609",
          "T036084",
          "T036085",
          "2951",
          "T002207",
          "T026107",
          "T000126",
          "T028812",
          "398363",
          "T020120"
        ]
      },
      "release_date": "2023-07-19T22:00:00.000+00:00",
      "title": "CVE-2023-34968"
    },
    {
      "cve": "CVE-2023-3347",
      "product_status": {
        "known_affected": [
          "T023281",
          "67646",
          "T038611",
          "T033681",
          "T012167",
          "T004914",
          "1262973",
          "74185",
          "T022954",
          "T027609",
          "T036084",
          "T036085",
          "T028817",
          "2951",
          "T002207",
          "T026107",
          "T028816",
          "T000126",
          "T028812",
          "398363",
          "T020120"
        ]
      },
      "release_date": "2023-07-19T22:00:00.000+00:00",
      "title": "CVE-2023-3347"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-34967 (GCVE-0-2023-34967)

WID-SEC-W-2023-1842

Tags

Sightings

Nomenclature