CVE-2022-22995

Name: CVE-2022-22995
Description: The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-3706-1
Debian Bugs: 1053545

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release | Version | Status
netatalk (PTS) | stretch (security), stretch (lts), stretch | 2.2.5-2+deb9u1 | vulnerable
netatalk | buster (security), buster, buster (lts) | 3.1.12~ds-3+deb10u5 | fixed
netatalk | bullseye (security), bullseye | 3.1.12~ds-8+deb11u1 | vulnerable
netatalk | sid, trixie | 4.0.6~ds-1 | fixed

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
netatalk | source | stretch | (unfixed) | end-of-life | |
netatalk | source | buster | 3.1.12~ds-3+deb10u5 | | DLA-3706-1 |
netatalk | source | (unstable) | 3.1.18~ds-1 | | | 1053545

Notes

[bullseye] - netatalk <no-dsa> (Minor issue)
https://netatalk.sourceforge.io/CVE-2022-22995.php
https://github.com/Netatalk/netatalk/pull/509
https://github.com/Netatalk/netatalk/commit/9eb6d9d0ac17dca210ccbf05476a925a6b379dfb
