CVE-2022-23121 in Netalkinfo

Zusammenfassung

von MITRE • 28.03.2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

11.01.2022

Veröffentlichung

28.03.2023

Moderieren

akzeptiert

Eintrag

VDB-216336

CPE

bereit

CWE

CWE-120 (bestätigt)

CVSS

9.8 (NVD)

EPSS

0.16823

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2022-23121
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-23121
CVE Details	https://www.cvedetails.com/cve/CVE-2022-23121/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!