Search criteria
17 vulnerabilities by Netatalk
CVE-2024-38439 (GCVE-0-2024-38439)
Vulnerability from cvelistv5 – Published: 2024-06-16 00:00 – Updated: 2025-11-03 21:55
VLAI?
Summary
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:36.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/issues/1096"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.io/security/CVE-2024-38439"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netatalk",
"vendor": "netatalk",
"versions": [
{
"lessThan": "2.4.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "3.1.19",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "3.2.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38439",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T16:46:15.915682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T16:49:30.004Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to \u0027\\0\u0027 in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-30T11:37:15.807Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Netatalk/netatalk/issues/1096"
},
{
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316"
},
{
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc"
},
{
"url": "https://netatalk.io/security/CVE-2024-38439"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38439",
"datePublished": "2024-06-16T00:00:00.000Z",
"dateReserved": "2024-06-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:55:36.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38441 (GCVE-0-2024-38441)
Vulnerability from cvelistv5 – Published: 2024-06-16 00:00 – Updated: 2025-11-03 21:55
VLAI?
Summary
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netatalk",
"vendor": "netatalk",
"versions": [
{
"lessThan": "3.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T14:42:12.811914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T17:00:04.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:39.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/issues/1098"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.io/security/CVE-2024-38441"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to \u0027\\0\u0027 in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-30T11:42:13.867Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Netatalk/netatalk/issues/1098"
},
{
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"
},
{
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"
},
{
"url": "https://netatalk.io/security/CVE-2024-38441"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38441",
"datePublished": "2024-06-16T00:00:00.000Z",
"dateReserved": "2024-06-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:55:39.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38440 (GCVE-0-2024-38440)
Vulnerability from cvelistv5 – Published: 2024-06-16 00:00 – Updated: 2025-11-03 21:55
VLAI?
Summary
Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=<optimized out>, ibuf=0x62d000010424 "", ibuflen=0xffffffffffff0015, rbuf=<optimized out>, rbuflen=<optimized out>) ... afp_over_dsi(obj=0x5555556154c0 <obj>).' 2.4.1 and 3.1.19 are also fixed versions.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:37.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/issues/1097"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_dhx_pam.c#L199-L200"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mxx4-9fhm-r3w5"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.io/security/CVE-2024-38440"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netatalk",
"vendor": "netatalk",
"versions": [
{
"lessThan": "3.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38440",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:58:42.371385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T17:00:08.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: \u0027The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: \"afpd\", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=\u003coptimized out\u003e, ibuf=0x62d000010424 \"\", ibuflen=0xffffffffffff0015, rbuf=\u003coptimized out\u003e, rbuflen=\u003coptimized out\u003e) ... afp_over_dsi(obj=0x5555556154c0 \u003cobj\u003e).\u0027 2.4.1 and 3.1.19 are also fixed versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-30T11:46:48.612Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Netatalk/netatalk/issues/1097"
},
{
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_dhx_pam.c#L199-L200"
},
{
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mxx4-9fhm-r3w5"
},
{
"url": "https://netatalk.io/security/CVE-2024-38440"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38440",
"datePublished": "2024-06-16T00:00:00.000Z",
"dateReserved": "2024-06-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:55:37.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-42464 (GCVE-0-2023-42464)
Vulnerability from cvelistv5 – Published: 2023-09-20 00:00 – Updated: 2024-08-02 19:23
VLAI?
Summary
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:39.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/issues/486"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "[debian-lts-announce] 20230925 [SECURITY] [DLA 3584-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00031.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/CVE-2023-42464.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/htmldocs/afpd.8.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.io/security/CVE-2023-42464"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T08:19:48.643325",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/"
},
{
"url": "https://github.com/Netatalk/netatalk/issues/486"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "[debian-lts-announce] 20230925 [SECURITY] [DLA 3584-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00031.html"
},
{
"url": "https://netatalk.sourceforge.io/CVE-2023-42464.php"
},
{
"url": "https://netatalk.sourceforge.io/3.1/htmldocs/afpd.8.html"
},
{
"url": "https://netatalk.io/security/CVE-2023-42464"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42464",
"datePublished": "2023-09-20T00:00:00",
"dateReserved": "2023-09-11T00:00:00",
"dateUpdated": "2024-08-02T19:23:39.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43634 (GCVE-0-2022-43634)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-12 17:42
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.
Severity ?
9.8 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool__) from Synacktiv
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:05.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-094/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/Netatalk/pull/186"
},
{
"name": "FEDORA-2023-aaeb45fb73",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/"
},
{
"name": "FEDORA-2023-e714897e70",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/"
},
{
"name": "FEDORA-2023-599faf1b1c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T17:41:58.753550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T17:42:14.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.13"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool__) from Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T04:06:20.590Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-094/"
},
{
"url": "https://github.com/Netatalk/Netatalk/pull/186"
},
{
"name": "FEDORA-2023-aaeb45fb73",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/"
},
{
"name": "FEDORA-2023-e714897e70",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/"
},
{
"name": "FEDORA-2023-599faf1b1c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-43634",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-10-21T00:00:00.000Z",
"dateUpdated": "2025-02-12T17:42:14.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0194 (GCVE-0-2022-0194)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-11-04 19:12
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.
Severity ?
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Theori (@theori_io)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:50.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-530/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Theori (@theori_io)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:19.530Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-530/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-0194",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:50.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23124 (GCVE-0-2022-23124)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-11-04 19:12
VLAI?
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870.
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Credits
Theori (@theori_io)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:56.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-525/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Theori (@theori_io)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:18.022Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-525/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23124",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:56.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23121 (GCVE-0-2022-23121)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-11-04 19:12
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.
Severity ?
9.8 (Critical)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:53.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams) "
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:24.449Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23121",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:53.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23125 (GCVE-0-2022-23125)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-11-04 19:12
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.
Severity ?
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Theori (@theori_io)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:57.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-526/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "5.18.117"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Theori (@theori_io)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:22.856Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-526/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23125",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:57.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23122 (GCVE-0-2022-23122)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-11-04 19:12
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.
Severity ?
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Orange Tsai (@orange_8361) from DEVCORE Research Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:54.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-529/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Orange Tsai (@orange_8361) from DEVCORE Research Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:16.491Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-529/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23122",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:54.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23123 (GCVE-0-2022-23123)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-11-04 19:12
VLAI?
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
Orange Tsai (@orange_8361) from DEVCORE Research Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:55.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-528/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230813 [SECURITY] [DLA 3426-3] netatalk regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00016.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Orange Tsai (@orange_8361) from DEVCORE Research Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:26.028Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-528/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230813 [SECURITY] [DLA 3426-3] netatalk regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00016.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23123",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:55.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-45188 (GCVE-0-2022-45188)
Vulnerability from cvelistv5 – Published: 2022-11-12 00:00 – Updated: 2024-08-03 14:09
VLAI?
Summary
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceforge.net/projects/netatalk/files/netatalk/"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.14.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://rushbnt.github.io/bug%20analysis/netatalk-0day/"
},
{
"name": "FEDORA-2023-aaeb45fb73",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/"
},
{
"name": "FEDORA-2023-e714897e70",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/"
},
{
"name": "FEDORA-2023-599faf1b1c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:21.224705",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://sourceforge.net/projects/netatalk/files/netatalk/"
},
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.14.html"
},
{
"url": "https://rushbnt.github.io/bug%20analysis/netatalk-0day/"
},
{
"name": "FEDORA-2023-aaeb45fb73",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/"
},
{
"name": "FEDORA-2023-e714897e70",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/"
},
{
"name": "FEDORA-2023-599faf1b1c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45188",
"datePublished": "2022-11-12T00:00:00",
"dateReserved": "2022-11-11T00:00:00",
"dateUpdated": "2024-08-03T14:09:56.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22995 (GCVE-0-2022-22995)
Vulnerability from cvelistv5 – Published: 2022-03-25 00:00 – Updated: 2025-11-03 21:45
VLAI?
Summary
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
Severity ?
10 (Critical)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Western Digital | My Cloud |
Affected:
My Cloud OS 5 , < 5.19.117
(custom)
|
|||||||
|
|||||||||
Credits
Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool__) from Synacktiv working with Trend Micro’s Zero Day Initiative
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:48.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities"
},
{
"name": "FEDORA-2023-cec97f7b5d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/"
},
{
"name": "FEDORA-2023-ef901c862c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"name": "FEDORA-2023-39f0ec3879",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/"
},
{
"name": "[debian-lts-announce] 20240104 [SECURITY] [DLA 3706-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "My Cloud",
"vendor": "Western Digital",
"versions": [
{
"lessThan": " 5.19.117",
"status": "affected",
"version": "My Cloud OS 5",
"versionType": "custom"
}
]
},
{
"platforms": [
"Android "
],
"product": "My Cloud Home",
"vendor": "Western Digital",
"versions": [
{
"lessThan": " 7.16-220",
"status": "affected",
"version": "My Cloud Home",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool__) from Synacktiv working with Trend Micro\u2019s Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"value": "The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T22:06:13.592Z",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities"
},
{
"name": "FEDORA-2023-cec97f7b5d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/"
},
{
"name": "FEDORA-2023-ef901c862c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"name": "FEDORA-2023-39f0ec3879",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/"
},
{
"name": "[debian-lts-announce] 20240104 [SECURITY] [DLA 3706-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html"
}
],
"solutions": [
{
"lang": "en",
"value": "To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Western Digital My Cloud OS 5 and My Cloud Home Unauthenticated Arbitrary File Write Vulnerability in Netatalk",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2022-22995",
"datePublished": "2022-03-25T00:00:00.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:48.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-31439 (GCVE-0-2021-31439)
Vulnerability from cvelistv5 – Published: 2021-05-21 00:00 – Updated: 2024-08-03 22:55
VLAI?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.
Severity ?
8.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synology | DiskStation Manager |
Affected:
6.1.1-15101-4
|
Credits
Angelboy(@scwuaptx) from DEVCORE Security Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-492/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synology.com/zh-hk/security/advisory/Synology_SA_20_26"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DiskStation Manager",
"vendor": "Synology",
"versions": [
{
"status": "affected",
"version": "6.1.1-15101-4"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Angelboy(@scwuaptx) from DEVCORE Security Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:27.666921",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-492/"
},
{
"url": "https://www.synology.com/zh-hk/security/advisory/Synology_SA_20_26"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-31439",
"datePublished": "2021-05-21T00:00:00",
"dateReserved": "2021-04-16T00:00:00",
"dateUpdated": "2024-08-03T22:55:53.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1160 (GCVE-0-2018-1160)
Vulnerability from cvelistv5 – Published: 2018-12-20 21:00 – Updated: 2024-09-16 22:35
VLAI?
Summary
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out of bounds write
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://attachments.samba.org/attachment.cgi?id=14735"
},
{
"name": "106301",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106301"
},
{
"name": "46034",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46034/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/"
},
{
"name": "46048",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46048/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-48"
},
{
"name": "DSA-4356",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4356"
},
{
"name": "46675",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46675/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "Before 3.1.12"
}
]
}
],
"datePublic": "2018-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out of bounds write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-08T20:06:06",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://attachments.samba.org/attachment.cgi?id=14735"
},
{
"name": "106301",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106301"
},
{
"name": "46034",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46034/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/"
},
{
"name": "46048",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46048/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-48"
},
{
"name": "DSA-4356",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4356"
},
{
"name": "46675",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46675/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-12-20T00:00:00",
"ID": "CVE-2018-1160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netatalk",
"version": {
"version_data": [
{
"version_value": "Before 3.1.12"
}
]
}
}
]
},
"vendor_name": "Netatalk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out of bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html",
"refsource": "CONFIRM",
"url": "http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html"
},
{
"name": "https://attachments.samba.org/attachment.cgi?id=14735",
"refsource": "MISC",
"url": "https://attachments.samba.org/attachment.cgi?id=14735"
},
{
"name": "106301",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106301"
},
{
"name": "46034",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46034/"
},
{
"name": "https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/",
"refsource": "MISC",
"url": "https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/"
},
{
"name": "46048",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46048/"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_18_62",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_18_62"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-48",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-48"
},
{
"name": "DSA-4356",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4356"
},
{
"name": "46675",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46675/"
},
{
"name": "http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-1160",
"datePublished": "2018-12-20T21:00:00Z",
"dateReserved": "2017-12-05T00:00:00",
"dateUpdated": "2024-09-16T22:35:09.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5718 (GCVE-0-2008-5718)
Vulnerability from cvelistv5 – Published: 2008-12-26 17:08 – Updated: 2024-08-07 11:04
VLAI?
Summary
The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=648189"
},
{
"name": "DSA-1705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1705"
},
{
"name": "34484",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34484"
},
{
"name": "FEDORA-2009-3064",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00962.html"
},
{
"name": "FEDORA-2009-3069",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00966.html"
},
{
"name": "33548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33548"
},
{
"name": "33227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33227"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "50824",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50824"
},
{
"name": "32925",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32925"
},
{
"name": "[oss-security] 20090114 update on CVE-2008-5718",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/13/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-22T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=648189"
},
{
"name": "DSA-1705",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1705"
},
{
"name": "34484",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34484"
},
{
"name": "FEDORA-2009-3064",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00962.html"
},
{
"name": "FEDORA-2009-3069",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00966.html"
},
{
"name": "33548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33548"
},
{
"name": "33227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33227"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "50824",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50824"
},
{
"name": "32925",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32925"
},
{
"name": "[oss-security] 20090114 update on CVE-2008-5718",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/13/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=648189",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=648189"
},
{
"name": "DSA-1705",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1705"
},
{
"name": "34484",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34484"
},
{
"name": "FEDORA-2009-3064",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00962.html"
},
{
"name": "FEDORA-2009-3069",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00966.html"
},
{
"name": "33548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33548"
},
{
"name": "33227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33227"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "50824",
"refsource": "OSVDB",
"url": "http://osvdb.org/50824"
},
{
"name": "32925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32925"
},
{
"name": "[oss-security] 20090114 update on CVE-2008-5718",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/01/13/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5718",
"datePublished": "2008-12-26T17:08:00",
"dateReserved": "2008-12-26T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0974 (GCVE-0-2004-0974)
Vulnerability from cvelistv5 – Published: 2004-10-20 04:00 – Updated: 2024-08-08 00:38
VLAI?
Summary
The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "script-temporary-file-overwrite(17583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"name": "2004-0050",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"name": "GLSA-200410-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-25.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "script-temporary-file-overwrite(17583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"name": "2004-0050",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"name": "GLSA-200410-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-25.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "script-temporary-file-overwrite(17583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"name": "2004-0050",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"name": "GLSA-200410-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-25.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0974",
"datePublished": "2004-10-20T04:00:00",
"dateReserved": "2004-10-19T00:00:00",
"dateUpdated": "2024-08-08T00:38:59.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}