CVE Vulnerability

CVE-2022-45188

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://rushbnt.github.io/bug%20analysis/netatalk-0day/ Exploit Third Party Advisory
https://sourceforge.net/projects/netatalk/files/netatalk/ Release Notes Third Party Advisory
https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html Release Notes Third Party Advisory
https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.14.html Broken Link
Configurations

Configuration 1

cpe:2.3:a:netatalk_project:netatalk:*:*:*:*:*:*:*:*
Information

Published : 2022-11-12 05:15

Updated : 2022-11-17 04:16

NVD link : CVE-2022-45188

Mitre link : CVE-2022-45188

Products Affected
No products.
CWE
CWE-787