Search criteria
8 vulnerabilities by Netatalk
CVE-2022-43634 (GCVE-0-2022-43634)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-12 17:42
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.
Severity ?
9.8 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
Credits
Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool__) from Synacktiv
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:05.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-094/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/Netatalk/pull/186"
},
{
"name": "FEDORA-2023-aaeb45fb73",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/"
},
{
"name": "FEDORA-2023-e714897e70",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/"
},
{
"name": "FEDORA-2023-599faf1b1c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T17:41:58.753550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T17:42:14.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.13"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool__) from Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T04:06:20.590Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-094/"
},
{
"url": "https://github.com/Netatalk/Netatalk/pull/186"
},
{
"name": "FEDORA-2023-aaeb45fb73",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/"
},
{
"name": "FEDORA-2023-e714897e70",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/"
},
{
"name": "FEDORA-2023-599faf1b1c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-43634",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-10-21T00:00:00.000Z",
"dateUpdated": "2025-02-12T17:42:14.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23122 (GCVE-0-2022-23122)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-11-04 19:12
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.
Severity ?
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Orange Tsai (@orange_8361) from DEVCORE Research Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:54.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-529/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Orange Tsai (@orange_8361) from DEVCORE Research Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:16.491Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-529/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23122",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:54.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23121 (GCVE-0-2022-23121)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-11-04 19:12
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.
Severity ?
9.8 (Critical)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
Credits
NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:53.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams) "
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:24.449Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23121",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:53.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0194 (GCVE-0-2022-0194)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-11-04 19:12
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.
Severity ?
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Theori (@theori_io)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:50.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-530/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Theori (@theori_io)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:19.530Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-530/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-0194",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:50.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23123 (GCVE-0-2022-23123)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-11-04 19:12
VLAI?
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
Credits
Orange Tsai (@orange_8361) from DEVCORE Research Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:55.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-528/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230813 [SECURITY] [DLA 3426-3] netatalk regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00016.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Orange Tsai (@orange_8361) from DEVCORE Research Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:26.028Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-528/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230813 [SECURITY] [DLA 3426-3] netatalk regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00016.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23123",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:55.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23124 (GCVE-0-2022-23124)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-11-04 19:12
VLAI?
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870.
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Credits
Theori (@theori_io)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:56.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-525/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Theori (@theori_io)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:18.022Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-525/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23124",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:56.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23125 (GCVE-0-2022-23125)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-11-04 19:12
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.
Severity ?
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Theori (@theori_io)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:57.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-526/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "5.18.117"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Theori (@theori_io)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:22.856Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-526/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23125",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:57.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-1160 (GCVE-0-2018-1160)
Vulnerability from cvelistv5 – Published: 2018-12-20 21:00 – Updated: 2026-02-13 19:35
VLAI?
Summary
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
Severity ?
9.8 (Critical)
CWE
- CWE-787 - Out of bounds write
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://attachments.samba.org/attachment.cgi?id=14735"
},
{
"name": "106301",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106301"
},
{
"name": "46034",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46034/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/"
},
{
"name": "46048",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46048/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-48"
},
{
"name": "DSA-4356",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4356"
},
{
"name": "46675",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46675/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-1160",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T19:35:31.764658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:35:35.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "Before 3.1.12"
}
]
}
],
"datePublic": "2018-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out of bounds write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-08T20:06:06.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://attachments.samba.org/attachment.cgi?id=14735"
},
{
"name": "106301",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106301"
},
{
"name": "46034",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46034/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/"
},
{
"name": "46048",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46048/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-48"
},
{
"name": "DSA-4356",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4356"
},
{
"name": "46675",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46675/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-12-20T00:00:00",
"ID": "CVE-2018-1160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netatalk",
"version": {
"version_data": [
{
"version_value": "Before 3.1.12"
}
]
}
}
]
},
"vendor_name": "Netatalk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out of bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html",
"refsource": "CONFIRM",
"url": "http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html"
},
{
"name": "https://attachments.samba.org/attachment.cgi?id=14735",
"refsource": "MISC",
"url": "https://attachments.samba.org/attachment.cgi?id=14735"
},
{
"name": "106301",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106301"
},
{
"name": "46034",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46034/"
},
{
"name": "https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/",
"refsource": "MISC",
"url": "https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/"
},
{
"name": "46048",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46048/"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_18_62",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_18_62"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-48",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-48"
},
{
"name": "DSA-4356",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4356"
},
{
"name": "46675",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46675/"
},
{
"name": "http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-1160",
"datePublished": "2018-12-20T21:00:00.000Z",
"dateReserved": "2017-12-05T00:00:00.000Z",
"dateUpdated": "2026-02-13T19:35:35.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}