mend-for-github-com[bot]
commented
1 year ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #93
Closed mend-for-github-com[bot] closed 1 year ago
mend-for-github-com[bot]
commented
1 year ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #93
mend-for-github-com[bot]
commented
1 year ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #93
Mirror of git://git.code.sf.net/p/netatalk/code
Library home page: https://github.com/Distrotech/netatalk.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Vulnerabilities
Details
CVE-2022-45188
### Vulnerable Library - netatalknetatalk-3-0-5Mirror of git://git.code.sf.net/p/netatalk/code
Library home page: https://github.com/Distrotech/netatalk.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src/router/netatalk-3.0.5/etc/afpd/appl.c
/release/src/router/netatalk-3.0.5/etc/afpd/appl.c
/release/src/router/netatalk-3.0.5/etc/afpd/appl.c
### Vulnerability DetailsNetatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).
Publish Date: 2022-11-12
URL: CVE-2022-45188
### CVSS 3 Score Details (7.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.