First published: Sat Nov 12 2022
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| | <=3.1.13 | |
| | =10.0 | |
| | =11.0 | |
| | =36 | |
| | =37 | |
| | =38 | |
| Netatalk Netatalk | <=3.1.13 | |
| debian/netatalk | <=3.1.12~ds-3 | 3.1.12~ds-3+deb10u4, 3.1.12~ds-8+deb11u1, 3.1.18~ds-1 |
CVE-2022-45188 is a vulnerability in Netatalk through 3.1.13 that allows remote attackers to execute arbitrary code via a crafted .appl file.
CVE-2022-45188 has a severity rating of 7.8 (high).
Platforms such as FreeBSD (used for TrueNAS) are affected by CVE-2022-45188.
Exploiting the afp_getappl heap-based buffer overflow in CVE-2022-45188 can provide remote root access on certain platforms, such as FreeBSD.
A fix is available for CVE-2022-45188. Affected software should be updated to a version that addresses the vulnerability.