Search CVE reports


Toggle filters

1 – 10 of 17 results


CVE-2024-38441

Medium priority
Needs evaluation

Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c.

1 affected package

netatalk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netatalk Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38440

Medium priority
Needs evaluation

Netatalk 3.2.0 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated:...

1 affected package

netatalk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netatalk Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38439

Medium priority
Needs evaluation

Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c.

1 affected package

netatalk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netatalk Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-42464

Medium priority

Some fixes available 3 of 5

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are...

1 affected package

netatalk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netatalk Vulnerable Fixed Fixed Not affected Not affected
Show less packages

CVE-2022-43634

High priority

Some fixes available 3 of 6

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function....

1 affected package

netatalk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netatalk Fixed Fixed Ignored Ignored
Show less packages

CVE-2022-45188

High priority
Fixed

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

1 affected package

netatalk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netatalk Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-22995

Medium priority

Some fixes available 2 of 4

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

1 affected package

netatalk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netatalk Not affected Fixed Fixed Not affected Not affected
Show less packages

CVE-2022-23125

High priority

Some fixes available 5 of 6

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function....

1 affected package

netatalk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netatalk Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-23124

Medium priority

Some fixes available 2 of 6

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo...

1 affected package

netatalk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netatalk Fixed Fixed Ignored Ignored
Show less packages

CVE-2022-23123

Medium priority

Some fixes available 5 of 6

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams...

1 affected package

netatalk

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netatalk Fixed Fixed Fixed Fixed
Show less packages