This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.
References
Configurations
History
07 Nov 2023, 03:54
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
29 Sep 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netatalk:netatalk:3.1.13:*:*:*:*:*:*:* | |
First Time |
Netatalk
Netatalk netatalk |
21 Sep 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2023-03-29 19:15
Updated : 2024-02-28 20:13
NVD link : CVE-2022-43634
Mitre link : CVE-2022-43634
CVE.ORG link : CVE-2022-43634
JSON object : View
Products Affected
netatalk
- netatalk
CWE
CWE-122
Heap-based Buffer Overflow