CVE-2022-23121

CRITICAL

netatalk < 3.1.13 - Unauthenticated Remote Code Execution via AppleDouble Entry Parsing

Title source: llm

Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.

References (7)

Core 7

Core References

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html

Third Party Advisory vendor-advisory

https://www.debian.org/security/2023/dsa-5503

Issue Tracking, Third Party Advisory vendor-advisory

https://security.gentoo.org/glsa/202311-02

Release Notes

https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html

Third Party Advisory, VDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-22-527/

Third Party Advisory, US Government Resource

https://www.kb.cert.org/vuls/id/709991

Scores

CVSS v3 9.8

EPSS 0.0853

EPSS Percentile 94.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-755

Status published

Products (3)

debian/debian_linux 10.0

debian/debian_linux 11.0

netatalk/netatalk < 3.1.13

Published Mar 28, 2023

Tracked Since Feb 18, 2026