CVE-2022-23125

NameCVE-2022-23125
DescriptionThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3426-1, DSA-5503-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
netatalk (PTS)stretch (security), stretch (lts), stretch2.2.5-2+deb9u1vulnerable
buster (security), buster, buster (lts)3.1.12~ds-3+deb10u5fixed
bullseye (security), bullseye3.1.12~ds-8+deb11u1fixed
sid, trixie4.0.3~ds-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
netatalksourcestretch(unfixed)end-of-life
netatalksourcebuster3.1.12~ds-3+deb10u1DLA-3426-1
netatalksourcebullseye3.1.12~ds-8+deb11u1DSA-5503-1
netatalksource(unstable)3.1.13~ds-1

Notes

https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
https://github.com/Netatalk/Netatalk/commit/d801ed421800bcd5df9045f7327c92cd4fc944aa

Search for package or bug name: Reporting problems