Netatalk

Netatalk

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-38439

Exploit
  • EPSS 0.47%
  • Veröffentlicht 16.06.2024 13:15:53
  • Zuletzt bearbeitet 21.11.2024 09:25:51

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions.

7.5

CVE-2024-38440

Exploit
  • EPSS 0.56%
  • Veröffentlicht 16.06.2024 13:15:53
  • Zuletzt bearbeitet 01.05.2025 19:44:52

Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest ve...

9.8

CVE-2024-38441

Exploit
  • EPSS 0.63%
  • Veröffentlicht 16.06.2024 13:15:53
  • Zuletzt bearbeitet 01.05.2025 19:42:41

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.

9.8

CVE-2023-42464

  • EPSS 7.7%
  • Veröffentlicht 20.09.2023 15:15:11
  • Zuletzt bearbeitet 21.11.2024 08:22:36

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and ...

9.8

CVE-2022-43634

  • EPSS 4.35%
  • Veröffentlicht 29.03.2023 19:15:20
  • Zuletzt bearbeitet 21.11.2024 07:26:56

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results fr...

9.8

CVE-2022-23121

  • EPSS 17.67%
  • Veröffentlicht 28.03.2023 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:48:02

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results fr...

9.8

CVE-2022-23122

  • EPSS 6.77%
  • Veröffentlicht 28.03.2023 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:48:02

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results fro...

9.8

CVE-2022-23123

  • EPSS 2.89%
  • Veröffentlicht 28.03.2023 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:48:02

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue resul...

9.8

CVE-2022-23124

  • EPSS 0.61%
  • Veröffentlicht 28.03.2023 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:48:02

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue res...

9.8

CVE-2022-23125

  • EPSS 22.34%
  • Veröffentlicht 28.03.2023 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:48:02

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len ...