High severity 7.8 · NVD Advisory · Published Nov 12, 2022 · Updated Jun 17, 2026
CVE-2022-45188
Description
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).
Affected products (4)
- osv-coords, 2 versions, range: < 3.1.0-3.11.1 (+ 1 more)
  - pkg:rpm/suse/netatalk&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
  - pkg:rpm/suse/netatalk&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
- (no CPE), range: < 3.1.0-3.11.1
- (no CPE), range: < 3.1.0-3.11.1
References (10)
- rushbnt.github.io/bug%20analysis/netatalk-0day/ [nvd: Exploit, Third Party Advisory]
- lists.debian.org/debian-lts-announce/2023/05/msg00018.html [nvd: Mailing List, Third Party Advisory]
- netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html [nvd: Release Notes, Third Party Advisory]
- security.gentoo.org/glsa/202311-02 [nvd: Issue Tracking, Third Party Advisory]
- sourceforge.net/projects/netatalk/files/netatalk/ [nvd: Release Notes, Third Party Advisory]
- www.debian.org/security/2023/dsa-5503 [nvd: Third Party Advisory]
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZYWSGVA6WXREMB6PV56HAHKU7R6KPOP/ [nvd: Mailing List]
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GEAFLA5L2SHOUFBAGUXIF2TZLGBXGJKT/ [nvd: Mailing List]
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SG6WZW5LXFVH3P7ZVZRGHUVJEMEFKQLI/ [nvd: Mailing List]
- netatalk.sourceforge.io/3.1/ReleaseNotes3.1.14.html [nvd: Broken Link]
News mentions (1)
- ZDI-26-187: (Pwn2Own) Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability (Zero Day Initiative · Mar 16, 2026)