Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2023-42464

Published: 20/09/2023 Updated: 12/01/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Netatalk

Vulnerability Summary

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x prior to 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.

Vulnerable Product Search on Vulmon Subscribe to Product

netatalk netatalk

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2023-42464: 0-day vulnerability in afpd Spotlight RPC
Debian Bug report logs - #1052087 CVE-2023-42464: 0-day vulnerability in afpd Spotlight RPC Package: netatalk; Maintainer for netatalk is Debian Netatalk team <pkg-netatalk-devel@listsaliothdebianorg>; Source for netatalk is src:netatalk (PTS, buildd, popcon) Reported by: Daniel Markstedt <daniel@mindaninet> Date ...
Debian Security Advisories: DSA-5503-1 netatalk -- security update
Multiple security issues were discovered in Netatalk, an implementation of the Apple Filing Protocol (AFP) for offering file service (mainly) to macOS clients, which may result in the execution of arbitrary code or information disclosure For the oldstable distribution (bullseye), these problems have been fixed in version 3112~ds-8+deb11u1 We re ...

References

CWE-843https://github.com/Netatalk/netatalk/issues/486https://netatalk.sourceforge.io/https://www.debian.org/security/2023/dsa-5503https://lists.debian.org/debian-lts-announce/2023/09/msg00031.htmlhttps://netatalk.sourceforge.io/CVE-2023-42464.phphttps://netatalk.sourceforge.io/3.1/htmldocs/afpd.8.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052087https://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5503
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook