CVE-2022-45188 Information

Share on:

Nov 12, 2022 cve

Description

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

Reference

https://rushbnt.github.io/bug%20analysis/netatalk-0day/ https://sourceforge.net/projects/netatalk/files/netatalk/ https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.14.html