CVE-2022-45188

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-45188
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/ Mailing List
https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html Release Notes Third Party Advisory
https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.14.html Broken Link
https://rushbnt.github.io/bug%20analysis/netatalk-0day/ Exploit Third Party Advisory
https://security.gentoo.org/glsa/202311-02 Issue Tracking Third Party Advisory
https://sourceforge.net/projects/netatalk/files/netatalk/ Release Notes Third Party Advisory
https://www.debian.org/security/2023/dsa-5503 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/ Mailing List
https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html Release Notes Third Party Advisory
https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.14.html Broken Link
https://rushbnt.github.io/bug%20analysis/netatalk-0day/ Exploit Third Party Advisory
https://security.gentoo.org/glsa/202311-02 Issue Tracking Third Party Advisory
https://sourceforge.net/projects/netatalk/files/netatalk/ Release Notes Third Party Advisory
https://www.debian.org/security/2023/dsa-5503 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
History

21 Nov 2024, 07:28

Type Values Removed Values Added
References () https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/ - Mailing List () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/ - Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/ - Mailing List () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/ - Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/ - Mailing List () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/ - Mailing List
References () https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html - Release Notes, Third Party Advisory () https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html - Release Notes, Third Party Advisory
References () https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.14.html - Broken Link () https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.14.html - Broken Link
References () https://rushbnt.github.io/bug%20analysis/netatalk-0day/ - Exploit, Third Party Advisory () https://rushbnt.github.io/bug%20analysis/netatalk-0day/ - Exploit, Third Party Advisory
References () https://security.gentoo.org/glsa/202311-02 - Issue Tracking, Third Party Advisory () https://security.gentoo.org/glsa/202311-02 - Issue Tracking, Third Party Advisory
References () https://sourceforge.net/projects/netatalk/files/netatalk/ - Release Notes, Third Party Advisory () https://sourceforge.net/projects/netatalk/files/netatalk/ - Release Notes, Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5503 - Third Party Advisory () https://www.debian.org/security/2023/dsa-5503 - Third Party Advisory

28 Dec 2023, 15:12

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/', 'name': 'FEDORA-2023-599faf1b1c', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/', 'name': 'FEDORA-2023-aaeb45fb73', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/', 'name': 'FEDORA-2023-e714897e70', 'tags': [], 'refsource': 'FEDORA'}
  • (GENTOO) https://security.gentoo.org/glsa/202311-02 - Issue Tracking, Third Party Advisory
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/ - Mailing List
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/ - Mailing List
  • (DEBIAN) https://www.debian.org/security/2023/dsa-5503 - Third Party Advisory
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/ - Mailing List
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html - Mailing List, Third Party Advisory
CPE cpe:2.3:a:netatalk_project:netatalk:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

17 May 2023, 01:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html -

15 Apr 2023, 04:16

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/ -
References (MISC) https://rushbnt.github.io/bug%20analysis/netatalk-0day/ - (MISC) https://rushbnt.github.io/bug%20analysis/netatalk-0day/ - Exploit, Third Party Advisory
References (MISC) https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html - (MISC) https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html - Release Notes, Third Party Advisory
References (MISC) https://sourceforge.net/projects/netatalk/files/netatalk/ - (MISC) https://sourceforge.net/projects/netatalk/files/netatalk/ - Release Notes, Third Party Advisory
References (MISC) https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.14.html - (MISC) https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.14.html - Broken Link
CPE cpe:2.3:a:netatalk_project:netatalk:*:*:*:*:*:*:*:*
CWE CWE-787
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8

12 Nov 2022, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-11-12 05:15

Updated : 2024-11-21 07:28

NVD link : CVE-2022-45188

Mitre link : CVE-2022-45188

CVE.ORG link : CVE-2022-45188

JSON object : View

Products Affected

debian

  • debian_linux

netatalk

  • netatalk

fedoraproject

  • fedora
CWE
CWE-787

Out-of-bounds Write