CVE-2022-45188 Information
Share on:
Nov 12, 2022
cve
Description
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).
Reference
https://rushbnt.github.io/bug%20analysis/netatalk-0day/ https://sourceforge.net/projects/netatalk/files/netatalk/ https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.14.html