Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43634

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.

Published

2023-03-29T19:15:20.273

Last Modified

2024-11-21T07:26:56.263

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-122

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	netatalk	netatalk	3.1.13	Yes

References

https://github.com/Netatalk/Netatalk/pull/186 Patch ([email protected])
https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/ ([email protected])
https://www.debian.org/security/2023/dsa-5503 ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-23-094/ Third Party Advisory, VDB Entry ([email protected])
https://github.com/Netatalk/Netatalk/pull/186 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5503 (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-23-094/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)