CVSS: 10.0EPSS: 8%CPEs: 3EXPL: 0CVE-2023-42464 – Debian Security Advisory 5503-1
https://notcve.org/view.php?id=CVE-2023-42464
20 Sep 2023 — A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of... • https://github.com/Netatalk/netatalk/issues/486 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-45188 – Synology DiskStation Manager Serv.php Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-45188
12 Nov 2022 — Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). Netatalk hasta 3.1.13 tiene un Desbordamiento del Búfer en afp_getappl que genera la ejecución de código a través de un archivo .appl manipulado. Esto proporciona acceso raíz remoto en algunas plataformas como FreeBSD (utilizado para TrueNAS). This vulnerability allows remote attackers to bypass auth... • https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2022-22995 – Western Digital My Cloud OS 5 and My Cloud Home Unauthenticated Arbitrary File Write Vulnerability in Netatalk
https://notcve.org/view.php?id=CVE-2022-22995
25 Mar 2022 — The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code. La combinación de primitivas que ofrecen SMB y AFP en su configuración por defecto permite la escritura arbitraria de archivos. Al explotar esta combinación de primitivas, un atacante puede ejecutar código arbitrario It was discovered that Netatalk did not properly protect an SMB and AFP default confi... • https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 10%CPEs: 3EXPL: 0CVE-2022-0194 – Netatalk ad_addcomment Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-0194
23 Mar 2022 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 15%CPEs: 3EXPL: 0CVE-2022-23121 – Netatalk parse_entries Improper Handling of Exceptional Conditions Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-23121
23 Mar 2022 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. • https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 6%CPEs: 3EXPL: 0CVE-2022-23122 – Netatalk setfilparams Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-23122
23 Mar 2022 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 4%CPEs: 3EXPL: 0CVE-2022-23123 – Netatalk getdirparams Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-23123
23 Mar 2022 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23124 – Netatalk get_finderinfo Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-23124
23 Mar 2022 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 31%CPEs: 3EXPL: 0CVE-2022-23125 – Netatalk copyapplfile Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-23125
23 Mar 2022 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-31439 – Synology DiskStation Manager Netatalk dsi_doff Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-31439
29 Apr 2021 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •