CVE-2022-23121

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.
Configurations

Configuration 1 (hide)

cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

22 Nov 2023, 21:02

Type Values Removed Values Added
CPE cpe:2.3:a:netatalk_project:netatalk:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
References
  • (DEBIAN) https://www.debian.org/security/2023/dsa-5503 - Third Party Advisory
  • (GENTOO) https://security.gentoo.org/glsa/202311-02 - Issue Tracking, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html - Mailing List, Third Party Advisory

01 Jun 2023, 20:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html -

17 May 2023, 01:15

Type Values Removed Values Added
CPE cpe:2.3:a:netatalk_project:netatalk:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html -
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-527/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-527/ - Third Party Advisory, VDB Entry
References (MISC) https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html - (MISC) https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html - Release Notes

28 Mar 2023, 19:19

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-28 19:15

Updated : 2024-02-04 23:37


NVD link : CVE-2022-23121

Mitre link : CVE-2022-23121

CVE.ORG link : CVE-2022-23121


JSON object : View

Products Affected

netatalk

  • netatalk

debian

  • debian_linux
CWE
CWE-755

Improper Handling of Exceptional Conditions