Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 11 | all | netatalk | < 3.1.12~ds-8+deb11u1 | netatalk_3.1.12~ds-8+deb11u1_all.deb |
Debian | 10 | all | netatalk | < 3.1.12~ds-3+deb10u1 | netatalk_3.1.12~ds-3+deb10u1_all.deb |
Debian | 999 | all | netatalk | < 3.1.15~ds-1 | netatalk_3.1.15~ds-1_all.deb |
Debian | 13 | all | netatalk | < 3.1.15~ds-1 | netatalk_3.1.15~ds-1_all.deb |