Bugzilla – Bug 1205393
VUL-0: CVE-2022-45188: netatalk: heap-based buffer overflow in afp_getappl()
Last modified: 2022-12-12 10:15:16 UTC
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting
in code execution via a crafted .appl file. This provides remote root access on
some platforms such as FreeBSD (used for TrueNAS).
Not fixed upstream yet, it seems.
This affects SUSE:SLE-12:Update/netatalk AFAICT.
(In reply to Carlos López from comment #0)
"this is RCE vulnerability in FreeBSD and LPE in other OS"
Note that 3.1.14 was not released, so this link is invalid.
Package submitted for 12/netatalk.
SUSE-SU-2022:4360-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1205393
CVE References: CVE-2022-45188
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): netatalk-3.1.0-3.11.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): netatalk-3.1.0-3.11.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.