First published: Mon Feb 06 2023(Updated: )
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.
Affected Software | Affected Version | How to fix |
---|---|---|
Netatalk Netatalk |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of ZDI-23-094 is critical, with a CVSS score of 9.8.
The vulnerability allows remote attackers to execute arbitrary code by exploiting a heap-based buffer overflow in Netatalk's dsi_writeinit function.
No, authentication is not required to exploit the ZDI-23-094 vulnerability.
The affected software of ZDI-23-094 is Netatalk, specifically the Netatalk product.
To fix the ZDI-23-094 vulnerability, update to the latest version of Netatalk and apply any patches or security updates provided by the vendor.