CVE-2022-45188
Summary
| CVE | CVE-2022-45188 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-11-12 05:15:00 UTC |
| Updated | 2023-12-28 15:12:00 UTC |
| Description | Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Operating System | Fedoraproject | Fedora | 38 | All | All | All |
| Application | Netatalk | Netatalk | All | All | All | All |
| Application | Netatalk Project | Netatalk | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 36 Update: netatalk-3.1.14-3.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: netatalk-3.1.14-3.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| netatalk - Browse /netatalk at SourceForge.net | MISC | sourceforge.net | |
| Netatalk: Multiple Vulnerabilities including root remote code execution (GLSA 202311-02) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 37 Update: netatalk-3.1.14-3.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: netatalk-3.1.14-3.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [1day to 0day] Netatalk from Pwn2own 2021 to 0x00 cent in 2022 - Bla Bla blog | MISC | rushbnt.github.io | |
| [SECURITY] Fedora 38 Update: netatalk-3.1.14-3.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Netatalk Release Notes | MISC | netatalk.sourceforge.io | |
| Debian -- Security Information -- DSA-5503-1 netatalk | DEBIAN | www.debian.org | |
| [SECURITY] [DLA 3426-1] netatalk security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 36 Update: netatalk-3.1.14-3.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Encountered a 404 error | MISC | netatalk.sourceforge.io | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181789 Debian Security Update for netatalk (DLA 3426-1)
- 199403 Ubuntu Security Notification for Netatalk Vulnerabilities (USN-6146-1)
- 283871 Fedora Security Update for netatalk (FEDORA-2023-e714897e70)
- 283872 Fedora Security Update for netatalk (FEDORA-2023-aaeb45fb73)
- 284201 Fedora Security Update for netatalk (FEDORA-2023-599faf1b1c)
- 502991 Alpine Linux Security Update for netatalk
- 505769 Alpine Linux Security Update for netatalk
- 6000181 Debian Security Update for netatalk (DSA 5503-1)
- 710785 Gentoo Linux Netatalk Multiple Vulnerabilities including root Remote Code Execution (RCE) (GLSA 202311-02)
- 752998 SUSE Enterprise Linux Security Update for netatalk (SUSE-SU-2022:4360-1)