Netatalk

Netatalk

16 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-38439

Exploit
  • EPSS 0.47%
  • Published 16.06.2024 13:15:53
  • Last modified 21.11.2024 09:25:51

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions.

7.5

CVE-2024-38440

Exploit
  • EPSS 0.56%
  • Published 16.06.2024 13:15:53
  • Last modified 01.05.2025 19:44:52

Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest ve...

9.8

CVE-2024-38441

Exploit
  • EPSS 0.63%
  • Published 16.06.2024 13:15:53
  • Last modified 01.05.2025 19:42:41

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.

9.8

CVE-2023-42464

  • EPSS 7.7%
  • Published 20.09.2023 15:15:11
  • Last modified 21.11.2024 08:22:36

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and ...

9.8

CVE-2022-43634

  • EPSS 4.35%
  • Published 29.03.2023 19:15:20
  • Last modified 21.11.2024 07:26:56

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results fr...

9.8

CVE-2022-23121

  • EPSS 17.67%
  • Published 28.03.2023 19:15:10
  • Last modified 21.11.2024 06:48:02

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results fr...

9.8

CVE-2022-23122

  • EPSS 6.77%
  • Published 28.03.2023 19:15:10
  • Last modified 21.11.2024 06:48:02

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results fro...

9.8

CVE-2022-23123

  • EPSS 2.89%
  • Published 28.03.2023 19:15:10
  • Last modified 21.11.2024 06:48:02

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue resul...

9.8

CVE-2022-23124

  • EPSS 0.61%
  • Published 28.03.2023 19:15:10
  • Last modified 21.11.2024 06:48:02

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue res...

9.8

CVE-2022-23125

  • EPSS 22.34%
  • Published 28.03.2023 19:15:10
  • Last modified 21.11.2024 06:48:02

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len ...