Published: 28/03/2023 Updated: 22/11/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.

Vulnerable Product	Search on Vulmon	Subscribe to Product
netatalk netatalk
debian debian linux 10.0
debian debian linux 11.0

Multiple security issues were discovered in Netatalk, an implementation of the Apple Filing Protocol (AFP) for offering file service (mainly) to macOS clients, which may result in the execution of arbitrary code or information disclosure For the oldstable distribution (bullseye), these problems have been fixed in version 3112~ds-8+deb11u1 We re ...

CWE-755 https://www.zerodayinitiative.com/advisories/ZDI-22-527/https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html https://www.debian.org/security/2023/dsa-5503 https://security.gentoo.org/glsa/202311-02 https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5503 https://www.zerodayinitiative.com/advisories/ZDI-22-527/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-23121

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect