Ubuntu.comUB:CVE-2022-23123CVE-2022-23123
0.026 Low
EPSS
Percentile
90.2%
This vulnerability allows remote attackers to disclose sensitive
information on affected installations of Netatalk. Authentication is not
required to exploit this vulnerability. The specific flaw exists within the
getdirparams method. The issue results from the lack of proper validation
of user-supplied data, which can result in a read past the end of an
allocated buffer. An attacker can leverage this in conjunction with other
vulnerabilities to execute arbitrary code in the context of root. Was
ZDI-CAN-15830.
This vulnerability allows remote attackers to disclose sensitive
information on affected installations of Netatalk. Authentication is not
required to exploit this vulnerability.
The specific flaw exists within the getdirparams method. The issue results
from the lack of proper validation of user-supplied data, which can result
in a read past the end of an allocated buffer. An attacker can leverage
this in conjunction with other vulnerabilities to execute arbitrary code in
the context of root.]
Notes
| Author | Note |
|---|---|
| 0xnishit | Backporting MR is still in progress and have some regression issue Backporintg MR: https://github.com/Netatalk/Netatalk/pull/173 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | netatalk | <Â 2.2.6-1ubuntu0.18.04.2+esm1 | UNKNOWN |
| ubuntu | 20.04 | noarch | netatalk | <Â 3.1.12~ds-4ubuntu0.20.04.1 | UNKNOWN |
| ubuntu | 22.04 | noarch | netatalk | <Â 3.1.12~ds-9ubuntu0.22.04.1 | UNKNOWN |
| ubuntu | 14.04 | noarch | netatalk | <Â 2.2.2-1ubuntu2.2+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
| ubuntu | 16.04 | noarch | netatalk | <Â 2.2.5-1ubuntu0.2+esm1 | UNKNOWN |
Related
