Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Netatalk
(Netatalk)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-29 | CVE-2022-43634 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646. | Netatalk | 9.8 | ||
| 2018-12-20 | CVE-2018-1160 | Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. | Debian_linux, Netatalk, Diskstation_manager, Router_manager, Skynas, Vs960hd_firmware | 9.8 | ||
| 2008-12-26 | CVE-2008-5718 | The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title. | Netatalk | N/A |