CVE-2023-42464

20.09.2023, 15:15

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.

Type Confusion

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
netatalk	netatalk	3.1 ≤ 𝑥 < 3.1.17
debian	debian_linux	10.0
debian	debian_linux	11.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

netatalk

bullseye	3.1.12~ds-8+deb11u1 fixed
bullseye (security)	3.1.12~ds-8+deb11u2 fixed
sid	4.0.8~ds-1 fixed
trixie	4.0.8~ds-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

netatalk

oracular	not-affected
noble	needed
mantic	ignored
lunar	Fixed 3.1.14~ds-1ubuntu0.1 released
jammy	Fixed 3.1.12~ds-9ubuntu0.22.04.3 released
focal	Fixed 3.1.12~ds-4ubuntu0.20.04.3 released
bionic	not-affected
xenial	not-affected
trusty	not-affected

Common Weakness Enumeration

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References

https://github.com/Netatalk/netatalk/issues/486

https://lists.debian.org/debian-lts-announce/2023/09/msg00031.html

https://netatalk.io/security/CVE-2023-42464

https://netatalk.sourceforge.io/

https://netatalk.sourceforge.io/3.1/htmldocs/afpd.8.html

https://netatalk.sourceforge.io/CVE-2023-42464.php