Published: 28/03/2023 Updated: 22/11/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

This vulnerability allows remote malicious users to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.

Vulnerable Product	Search on Vulmon	Subscribe to Product
netatalk netatalk
debian debian linux 10.0
debian debian linux 11.0

Multiple security issues were discovered in Netatalk, an implementation of the Apple Filing Protocol (AFP) for offering file service (mainly) to macOS clients, which may result in the execution of arbitrary code or information disclosure For the oldstable distribution (bullseye), these problems have been fixed in version 3112~ds-8+deb11u1 We re ...

CWE-125 https://www.zerodayinitiative.com/advisories/ZDI-22-528/https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html https://lists.debian.org/debian-lts-announce/2023/08/msg00016.html https://www.debian.org/security/2023/dsa-5503 https://security.gentoo.org/glsa/202311-02 https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5503 https://www.zerodayinitiative.com/advisories/ZDI-22-528/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-23123

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect