CVE-2022-23125

2023-03-2819:15:10

Debian Security Bug Tracker

security-tracker.debian.org

vulnerability

netatalk

remote code execution

authentication

copyapplfile

length validation

root access

zdi-can-15869

unix

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.039 Low

EPSS

Percentile

92.0%

JSON

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.

OSVersionArchitecturePackageVersionFilename
Debian11allnetatalk< 3.1.12~ds-8+deb11u1netatalk_3.1.12~ds-8+deb11u1_all.deb
Debian999allnetatalk< 3.1.13~ds-1netatalk_3.1.13~ds-1_all.deb
Debian13allnetatalk< 3.1.13~ds-1netatalk_3.1.13~ds-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	netatalk	< 3.1.12~ds-8+deb11u1	netatalk_3.1.12~ds-8+deb11u1_all.deb
Debian	999	all	netatalk	< 3.1.13~ds-1	netatalk_3.1.13~ds-1_all.deb
Debian	13	all	netatalk	< 3.1.13~ds-1	netatalk_3.1.13~ds-1_all.deb