Unrated severityNVD Advisory· Published Dec 20, 2018· Updated Feb 13, 2026

CVE-2018-1160

Description

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

Affected products

Netatalk/Netatalkv5
Range: Before 3.1.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/46034/mitreexploitx_refsource_EXPLOIT-DB
www.exploit-db.com/exploits/46048/mitreexploitx_refsource_EXPLOIT-DB
www.exploit-db.com/exploits/46675/mitreexploitx_refsource_EXPLOIT-DB
www.debian.org/security/2018/dsa-4356mitrevendor-advisoryx_refsource_DEBIAN
netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.htmlmitrex_refsource_CONFIRM
packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.htmlmitrex_refsource_MISC
www.securityfocus.com/bid/106301mitrevdb-entryx_refsource_BID
attachments.samba.org/attachment.cgimitrex_refsource_MISC
github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/mitrex_refsource_MISC
www.synology.com/security/advisory/Synology_SA_18_62mitrex_refsource_CONFIRM
www.tenable.com/security/research/tra-2018-48mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.071
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000