CVE-2022-23123

28.03.2023, 19:15

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
zdi	CNA	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Vendor	Product	Version
netatalk	netatalk	𝑥 < 3.1.13
debian	debian_linux	10.0
debian	debian_linux	11.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

netatalk

bullseye (security)	3.1.12~ds-8+deb11u1 fixed
bullseye	3.1.12~ds-8+deb11u1 fixed
sid	4.0.3~ds-2 fixed
trixie	4.0.3~ds-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

netatalk

lunar	not-affected
kinetic	not-affected
jammy	Fixed 3.1.12~ds-9ubuntu0.22.04.1 released
impish	ignored
focal	Fixed 3.1.12~ds-4ubuntu0.20.04.1 released
bionic	Fixed 2.2.6-1ubuntu0.18.04.2+esm1 released
xenial	Fixed 2.2.5-1ubuntu0.2+esm1 released
trusty	Fixed 2.2.2-1ubuntu2.2+esm1 released

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html

https://lists.debian.org/debian-lts-announce/2023/08/msg00016.html

https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html

https://security.gentoo.org/glsa/202311-02