CVE-2022-43634.html.in

<div id="content">
<h1>Netatalk Security Advisory</h1>

<dl>
<dt><strong>Subject</strong></dt>
<dd>Arbitrary code execution in dsi_writeinit</dd>
<dt><strong>CVE ID</strong></dt>
<dd><a href="https://www.cve.org/CVERecord?id=CVE-2022-43634">CVE-2022-43634</a></dd>
<dt><strong>Date of Publishing</strong></dt>
<dd>2023/02/06 <i>advisory published retroactively; date is approximate</i></dd>
<dt><strong>Affected Netatalk Versions</strong></dt>
<dd>3.0.0 - 3.1.14</dd>
<dt><strong>Summary</strong></dt>
<dd>Lack of validation of user-input data leads to remote code execution in the dsi_writeinit function</dd>
</dl>
<h2>Description</h2>
<p>This vulnerability allows remote attackers to execute arbitrary code on Netatalk.
Authentication is not required to exploit this vulnerability.
The specific flaw exists within the dsi_writeinit function.
The issue results from the lack of proper validation of the length of user-supplied data
prior to copying it to a fixed-length heap-based buffer.
An attacker can leverage this vulnerability to execute code in the context of root.</p>

<h2>Patch Availability</h2>
<p>Apply the patch with git hash
<a href="https://github.com/Netatalk/netatalk/commit/5fcb4ab02aced14484310165b3d754bb2f0820ca.diff">
5fcb4ab</a> to hotfix your local Netatalk deployment.</p>

<p>Additionally, Netatalk 3.1.15 has been released which contains the security patch.
Netatalk administrators are advised to upgrade to this version or apply the patch as soon as possible.</p>

<h2>CVSS Calculation</h2>
<p>CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)</p>

<h2>Workaround</h2>
<p>None.</p>

<h2>Credits</h2>
<dl>
<dt>Vulnerability found and reported by:</dt>
<dd>Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool__) from Synacktiv</dd>
<dt>Patch developed by:</dt>
<dd>Etienne HELLUY-LAFONT from Synacktiv</dd>
</dl>

</div>