Heap-based Buffer Overflow in Netatalk for FreeBSD and TrueNAS
CVE-2022-45188

7.8 HIGH

Key Information:

Vendor: Netatalk
Status: Vendor
CVE Published: 12 November 2022

What is CVE-2022-45188?

Netatalk version 3.1.13 is susceptible to a heap-based buffer overflow triggered by a specially crafted .appl file, allowing remote code execution. This vulnerability poses significant risk, especially on FreeBSD as used by TrueNAS, where it can lead to unauthorized root access. Users are strongly advised to update to the latest version immediately to mitigate the threat.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
