This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.
References
Configurations
History
07 Nov 2023, 03:54
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
29 Sep 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netatalk netatalk
Netatalk |
|
CPE | cpe:2.3:a:netatalk:netatalk:3.1.13:*:*:*:*:*:*:* |
21 Sep 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 May 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Apr 2023, 04:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Apr 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Apr 2023, 14:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netatalk Project
Netatalk Project netatalk |
|
References | (MISC) https://github.com/Netatalk/Netatalk/pull/186 - Patch | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-23-094/ - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:netatalk_project:netatalk:3.1.13:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
29 Mar 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-29 19:15
Updated : 2023-12-10 15:01
NVD link : CVE-2022-43634
Mitre link : CVE-2022-43634
CVE.ORG link : CVE-2022-43634
JSON object : View
Products Affected
netatalk
- netatalk
CWE
CWE-122
Heap-based Buffer Overflow