Name | CVE-2022-22995 |
Description | The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-3706-1 |
Debian Bugs | 1053545 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| netatalk (PTS) | stretch (security), stretch (lts), stretch | 2.2.5-2+deb9u1 | vulnerable |
| | buster (security), buster, buster (lts) | 3.1.12~ds-3+deb10u5 | fixed |
| | bullseye (security), bullseye | 3.1.12~ds-8+deb11u1 | vulnerable |
| | sid, trixie | 4.0.6~ds-1 | fixed |
The information below is based on the following data on fixed versions.
Notes
[bullseye] - netatalk <no-dsa> (Minor issue)
https://netatalk.sourceforge.io/CVE-2022-22995.php
https://github.com/Netatalk/netatalk/pull/509
https://github.com/Netatalk/netatalk/commit/9eb6d9d0ac17dca210ccbf05476a925a6b379dfb