rpm package
suse/netatalk&distro=SUSE Linux Enterprise Workstation Extension 12 SP5
pkg:rpm/suse/netatalk&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-38441 | — | < 3.1.18-3.25.1 | 3.1.18-3.25.1 | Jun 16, 2024 | Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions. | ||
| CVE-2024-38440 | — | < 3.1.18-3.25.1 | 3.1.18-3.25.1 | Jun 16, 2024 | Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) con | ||
| CVE-2024-38439 | — | < 3.1.18-3.25.1 | 3.1.18-3.25.1 | Jun 16, 2024 | Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions. | ||
| CVE-2023-42464 | — | < 3.1.0-3.19.1 | 3.1.0-3.19.1 | Sep 20, 2023 | A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the s | ||
| CVE-2022-43634 | — | < 3.1.0-3.14.1 | 3.1.0-3.14.1 | Mar 29, 2023 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validati | ||
| CVE-2022-23125 | — | < 3.1.0-3.8.1 | 3.1.0-3.8.1 | Mar 28, 2023 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not | ||
| CVE-2022-23121 | — | < 3.1.0-3.8.1 | 3.1.0-3.8.1 | Mar 28, 2023 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error ha | ||
| CVE-2022-45188 | — | < 3.1.0-3.11.1 | 3.1.0-3.11.1 | Nov 12, 2022 | Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). | ||
| CVE-2022-22995 | — | < 3.1.0-3.22.1 | 3.1.0-3.22.1 | Mar 25, 2022 | The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code. | ||
| CVE-2021-31439 | — | < 3.1.0-3.8.1 | 3.1.0-3.8.1 | May 21, 2021 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The |
- CVE-2024-38441Jun 16, 2024affected < 3.1.18-3.25.1fixed 3.1.18-3.25.1
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.
- CVE-2024-38440Jun 16, 2024affected < 3.1.18-3.25.1fixed 3.1.18-3.25.1
Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) con
- CVE-2024-38439Jun 16, 2024affected < 3.1.18-3.25.1fixed 3.1.18-3.25.1
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions.
- CVE-2023-42464Sep 20, 2023affected < 3.1.0-3.19.1fixed 3.1.0-3.19.1
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the s
- CVE-2022-43634Mar 29, 2023affected < 3.1.0-3.14.1fixed 3.1.0-3.14.1
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validati
- CVE-2022-23125Mar 28, 2023affected < 3.1.0-3.8.1fixed 3.1.0-3.8.1
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not
- CVE-2022-23121Mar 28, 2023affected < 3.1.0-3.8.1fixed 3.1.0-3.8.1
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error ha
- CVE-2022-45188Nov 12, 2022affected < 3.1.0-3.11.1fixed 3.1.0-3.11.1
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).
- CVE-2022-22995Mar 25, 2022affected < 3.1.0-3.22.1fixed 3.1.0-3.22.1
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
- CVE-2021-31439May 21, 2021affected < 3.1.0-3.8.1fixed 3.1.0-3.8.1
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The