ID CVE-2022-45188
Summary Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).
References
Vulnerable Configurations
  • cpe:2.3:a:netatalk_project:netatalk:1.4.99-0.20000927:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.4.99-0.20000927:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:1.4.99-0.20001108:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.4.99-0.20001108:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:1.5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:1.5.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.5.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:1.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:1.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:1.6.4:alpha1:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:1.6.4:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:netatalk_project:netatalk:3.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:netatalk_project:netatalk:3.1.12:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 17-11-2022 - 16:16
Published 12-11-2022 - 05:15
Last modified 17-11-2022 - 16:16
Back to Top