This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.
References
Configurations
History
17 May 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Apr 2023, 04:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netatalk_project:netatalk:3.1.13:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References |
|
|
References | (MISC) https://github.com/Netatalk/Netatalk/pull/186 - Patch | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-23-094/ - Third Party Advisory, VDB Entry |
29 Mar 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-29 19:15
Updated : 2024-02-04 23:37
NVD link : CVE-2022-43634
Mitre link : CVE-2022-43634
CVE.ORG link : CVE-2022-43634
JSON object : View
Products Affected
netatalk
- netatalk
CWE
CWE-122
Heap-based Buffer Overflow