CVE-2022-43634

NameCVE-2022-43634
DescriptionThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3426-1, DSA-5503-1
Debian Bugs1034170

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
netatalk (PTS)stretch (security), stretch (lts), stretch2.2.5-2+deb9u1vulnerable
buster (security), buster, buster (lts)3.1.12~ds-3+deb10u5fixed
bullseye (security), bullseye3.1.12~ds-8+deb11u1fixed
sid, trixie4.0.3~ds-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
netatalksourcestretch(unfixed)end-of-life
netatalksourcebuster3.1.12~ds-3+deb10u1DLA-3426-1
netatalksourcebullseye3.1.12~ds-8+deb11u1DSA-5503-1
netatalksource(unstable)3.1.15~ds-11034170

Notes

https://github.com/Netatalk/Netatalk/pull/186
https://github.com/advisories/GHSA-fwj9-7qq8-jc93
https://www.zerodayinitiative.com/advisories/ZDI-23-094/
https://github.com/Netatalk/netatalk/commit/5fcb4ab02aced14484310165b3d754bb2f0820ca
https://github.com/Netatalk/netatalk/commit/e6a9ce5b8145d0b39851fbf80916035a714e9d59 (netatalk-3-1-15)
Search for package or bug name: Reporting problems