Refine your search
20 vulnerabilities found for Netatalk by Netatalk
CVE-2024-38441 (GCVE-0-2024-38441)
Vulnerability from nvd
Published
2024-06-16 00:00
Modified
2025-11-03 21:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netatalk",
"vendor": "netatalk",
"versions": [
{
"lessThan": "3.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T14:42:12.811914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T17:00:04.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:39.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/issues/1098"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.io/security/CVE-2024-38441"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to \u0027\\0\u0027 in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-30T11:42:13.867Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Netatalk/netatalk/issues/1098"
},
{
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"
},
{
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"
},
{
"url": "https://netatalk.io/security/CVE-2024-38441"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38441",
"datePublished": "2024-06-16T00:00:00.000Z",
"dateReserved": "2024-06-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:55:39.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38440 (GCVE-0-2024-38440)
Vulnerability from nvd
Published
2024-06-16 00:00
Modified
2025-11-03 21:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=<optimized out>, ibuf=0x62d000010424 "", ibuflen=0xffffffffffff0015, rbuf=<optimized out>, rbuflen=<optimized out>) ... afp_over_dsi(obj=0x5555556154c0 <obj>).' 2.4.1 and 3.1.19 are also fixed versions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:37.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/issues/1097"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_dhx_pam.c#L199-L200"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mxx4-9fhm-r3w5"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.io/security/CVE-2024-38440"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netatalk",
"vendor": "netatalk",
"versions": [
{
"lessThan": "3.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38440",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:58:42.371385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T17:00:08.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: \u0027The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: \"afpd\", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=\u003coptimized out\u003e, ibuf=0x62d000010424 \"\", ibuflen=0xffffffffffff0015, rbuf=\u003coptimized out\u003e, rbuflen=\u003coptimized out\u003e) ... afp_over_dsi(obj=0x5555556154c0 \u003cobj\u003e).\u0027 2.4.1 and 3.1.19 are also fixed versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-30T11:46:48.612Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Netatalk/netatalk/issues/1097"
},
{
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_dhx_pam.c#L199-L200"
},
{
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mxx4-9fhm-r3w5"
},
{
"url": "https://netatalk.io/security/CVE-2024-38440"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38440",
"datePublished": "2024-06-16T00:00:00.000Z",
"dateReserved": "2024-06-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:55:37.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38439 (GCVE-0-2024-38439)
Vulnerability from nvd
Published
2024-06-16 00:00
Modified
2025-11-03 21:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:36.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/issues/1096"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.io/security/CVE-2024-38439"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netatalk",
"vendor": "netatalk",
"versions": [
{
"lessThan": "2.4.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "3.1.19",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "3.2.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38439",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T16:46:15.915682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T16:49:30.004Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to \u0027\\0\u0027 in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-30T11:37:15.807Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Netatalk/netatalk/issues/1096"
},
{
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316"
},
{
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc"
},
{
"url": "https://netatalk.io/security/CVE-2024-38439"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38439",
"datePublished": "2024-06-16T00:00:00.000Z",
"dateReserved": "2024-06-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:55:36.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23125 (GCVE-0-2022-23125)
Vulnerability from nvd
Published
2023-03-28 00:00
Modified
2025-11-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:57.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-526/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "5.18.117"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Theori (@theori_io)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:22.856Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-526/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23125",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:57.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23124 (GCVE-0-2022-23124)
Vulnerability from nvd
Published
2023-03-28 00:00
Modified
2025-11-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:56.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-525/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Theori (@theori_io)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:18.022Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-525/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23124",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:56.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23123 (GCVE-0-2022-23123)
Vulnerability from nvd
Published
2023-03-28 00:00
Modified
2025-11-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:55.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-528/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230813 [SECURITY] [DLA 3426-3] netatalk regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00016.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Orange Tsai (@orange_8361) from DEVCORE Research Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:26.028Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-528/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230813 [SECURITY] [DLA 3426-3] netatalk regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00016.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23123",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:55.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23122 (GCVE-0-2022-23122)
Vulnerability from nvd
Published
2023-03-28 00:00
Modified
2025-11-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:54.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-529/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Orange Tsai (@orange_8361) from DEVCORE Research Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:16.491Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-529/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23122",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:54.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23121 (GCVE-0-2022-23121)
Vulnerability from nvd
Published
2023-03-28 00:00
Modified
2025-11-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:53.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams) "
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:24.449Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23121",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:53.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0194 (GCVE-0-2022-0194)
Vulnerability from nvd
Published
2023-03-28 00:00
Modified
2025-11-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:50.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-530/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Theori (@theori_io)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:19.530Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-530/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-0194",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:50.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-22995 (GCVE-0-2022-22995)
Vulnerability from nvd
Published
2022-03-25 00:00
Modified
2025-11-03 21:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Western Digital | My Cloud |
Version: My Cloud OS 5 < 5.19.117 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:48.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities"
},
{
"name": "FEDORA-2023-cec97f7b5d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/"
},
{
"name": "FEDORA-2023-ef901c862c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"name": "FEDORA-2023-39f0ec3879",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/"
},
{
"name": "[debian-lts-announce] 20240104 [SECURITY] [DLA 3706-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "My Cloud",
"vendor": "Western Digital",
"versions": [
{
"lessThan": " 5.19.117",
"status": "affected",
"version": "My Cloud OS 5",
"versionType": "custom"
}
]
},
{
"platforms": [
"Android "
],
"product": "My Cloud Home",
"vendor": "Western Digital",
"versions": [
{
"lessThan": " 7.16-220",
"status": "affected",
"version": "My Cloud Home",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool__) from Synacktiv working with Trend Micro\u2019s Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"value": "The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T22:06:13.592Z",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities"
},
{
"name": "FEDORA-2023-cec97f7b5d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/"
},
{
"name": "FEDORA-2023-ef901c862c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"name": "FEDORA-2023-39f0ec3879",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/"
},
{
"name": "[debian-lts-announce] 20240104 [SECURITY] [DLA 3706-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html"
}
],
"solutions": [
{
"lang": "en",
"value": "To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Western Digital My Cloud OS 5 and My Cloud Home Unauthenticated Arbitrary File Write Vulnerability in Netatalk",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2022-22995",
"datePublished": "2022-03-25T00:00:00.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:48.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38440 (GCVE-0-2024-38440)
Vulnerability from cvelistv5
Published
2024-06-16 00:00
Modified
2025-11-03 21:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=<optimized out>, ibuf=0x62d000010424 "", ibuflen=0xffffffffffff0015, rbuf=<optimized out>, rbuflen=<optimized out>) ... afp_over_dsi(obj=0x5555556154c0 <obj>).' 2.4.1 and 3.1.19 are also fixed versions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:37.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/issues/1097"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_dhx_pam.c#L199-L200"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mxx4-9fhm-r3w5"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.io/security/CVE-2024-38440"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netatalk",
"vendor": "netatalk",
"versions": [
{
"lessThan": "3.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38440",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:58:42.371385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T17:00:08.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: \u0027The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: \"afpd\", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=\u003coptimized out\u003e, ibuf=0x62d000010424 \"\", ibuflen=0xffffffffffff0015, rbuf=\u003coptimized out\u003e, rbuflen=\u003coptimized out\u003e) ... afp_over_dsi(obj=0x5555556154c0 \u003cobj\u003e).\u0027 2.4.1 and 3.1.19 are also fixed versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-30T11:46:48.612Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Netatalk/netatalk/issues/1097"
},
{
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_dhx_pam.c#L199-L200"
},
{
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mxx4-9fhm-r3w5"
},
{
"url": "https://netatalk.io/security/CVE-2024-38440"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38440",
"datePublished": "2024-06-16T00:00:00.000Z",
"dateReserved": "2024-06-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:55:37.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38441 (GCVE-0-2024-38441)
Vulnerability from cvelistv5
Published
2024-06-16 00:00
Modified
2025-11-03 21:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netatalk",
"vendor": "netatalk",
"versions": [
{
"lessThan": "3.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T14:42:12.811914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T17:00:04.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:39.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/issues/1098"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.io/security/CVE-2024-38441"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to \u0027\\0\u0027 in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-30T11:42:13.867Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Netatalk/netatalk/issues/1098"
},
{
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"
},
{
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"
},
{
"url": "https://netatalk.io/security/CVE-2024-38441"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38441",
"datePublished": "2024-06-16T00:00:00.000Z",
"dateReserved": "2024-06-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:55:39.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38439 (GCVE-0-2024-38439)
Vulnerability from cvelistv5
Published
2024-06-16 00:00
Modified
2025-11-03 21:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:36.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/issues/1096"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.io/security/CVE-2024-38439"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netatalk",
"vendor": "netatalk",
"versions": [
{
"lessThan": "2.4.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "3.1.19",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "3.2.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38439",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T16:46:15.915682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T16:49:30.004Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to \u0027\\0\u0027 in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-30T11:37:15.807Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Netatalk/netatalk/issues/1096"
},
{
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316"
},
{
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc"
},
{
"url": "https://netatalk.io/security/CVE-2024-38439"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38439",
"datePublished": "2024-06-16T00:00:00.000Z",
"dateReserved": "2024-06-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:55:36.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23121 (GCVE-0-2022-23121)
Vulnerability from cvelistv5
Published
2023-03-28 00:00
Modified
2025-11-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:53.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams) "
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:24.449Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23121",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:53.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23124 (GCVE-0-2022-23124)
Vulnerability from cvelistv5
Published
2023-03-28 00:00
Modified
2025-11-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:56.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-525/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Theori (@theori_io)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:18.022Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-525/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23124",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:56.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23123 (GCVE-0-2022-23123)
Vulnerability from cvelistv5
Published
2023-03-28 00:00
Modified
2025-11-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:55.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-528/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230813 [SECURITY] [DLA 3426-3] netatalk regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00016.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Orange Tsai (@orange_8361) from DEVCORE Research Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:26.028Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-528/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230813 [SECURITY] [DLA 3426-3] netatalk regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00016.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23123",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:55.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23125 (GCVE-0-2022-23125)
Vulnerability from cvelistv5
Published
2023-03-28 00:00
Modified
2025-11-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:57.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-526/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "5.18.117"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Theori (@theori_io)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:22.856Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-526/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23125",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:57.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0194 (GCVE-0-2022-0194)
Vulnerability from cvelistv5
Published
2023-03-28 00:00
Modified
2025-11-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:50.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-530/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Theori (@theori_io)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:19.530Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-530/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-0194",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:50.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23122 (GCVE-0-2022-23122)
Vulnerability from cvelistv5
Published
2023-03-28 00:00
Modified
2025-11-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:54.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-529/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Orange Tsai (@orange_8361) from DEVCORE Research Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:16.491Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-529/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23122",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:54.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-22995 (GCVE-0-2022-22995)
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2025-11-03 21:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Western Digital | My Cloud |
Version: My Cloud OS 5 < 5.19.117 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:48.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities"
},
{
"name": "FEDORA-2023-cec97f7b5d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/"
},
{
"name": "FEDORA-2023-ef901c862c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"name": "FEDORA-2023-39f0ec3879",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/"
},
{
"name": "[debian-lts-announce] 20240104 [SECURITY] [DLA 3706-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "My Cloud",
"vendor": "Western Digital",
"versions": [
{
"lessThan": " 5.19.117",
"status": "affected",
"version": "My Cloud OS 5",
"versionType": "custom"
}
]
},
{
"platforms": [
"Android "
],
"product": "My Cloud Home",
"vendor": "Western Digital",
"versions": [
{
"lessThan": " 7.16-220",
"status": "affected",
"version": "My Cloud Home",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool__) from Synacktiv working with Trend Micro\u2019s Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"value": "The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T22:06:13.592Z",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities"
},
{
"name": "FEDORA-2023-cec97f7b5d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/"
},
{
"name": "FEDORA-2023-ef901c862c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"name": "FEDORA-2023-39f0ec3879",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/"
},
{
"name": "[debian-lts-announce] 20240104 [SECURITY] [DLA 3706-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html"
}
],
"solutions": [
{
"lang": "en",
"value": "To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Western Digital My Cloud OS 5 and My Cloud Home Unauthenticated Arbitrary File Write Vulnerability in Netatalk",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2022-22995",
"datePublished": "2022-03-25T00:00:00.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:48.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}