Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43634 | 1 Netatalk Project | 1 Netatalk | 2024-02-04 | N/A | 9.8 CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646. | |||||
CVE-2018-1160 | 3 Debian, Netatalk Project, Synology | 7 Debian Linux, Netatalk, Diskstation Manager and 4 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. |