Netatalkproject Netatalk
By the Year
In 2026 there have been 0 vulnerabilities in Netatalkproject Netatalk. Netatalk did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 7 | 9.80 |
| 2022 | 1 | 7.80 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 9.80 |
It may take a day or so for new Netatalk vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Netatalkproject Netatalk Security Vulnerabilities
Netatalk RCE: dsi_writeinit Buffer Overflow (CVE-2022-43634)
CVE-2022-43634
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.
Heap-based Buffer Overflow
Stack Buffer Overflow in Netatalk copyapplfile Allows Arbitrary Code Execution
CVE-2022-23125
- March 28, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.
Stack Overflow
Netatalk get_finderinfo Buffer Overflow Enables Remote Info Disclosure
CVE-2022-23124
- March 28, 2023
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870.
Out-of-bounds Read
Netatalk getdirparams Read Buffer Overflow Exploitable for Privilege Escalation
CVE-2022-23123
- March 28, 2023
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.
Out-of-bounds Read
Netatalk setfilparams Stack Buffer Overflow Yields Remote Code Execution
CVE-2022-23122
- March 28, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.
Stack Overflow
Netatalk parse_entries RCE via AppleDouble parsing flaw
CVE-2022-23121
- March 28, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.
Improper Handling of Exceptional Conditions
Netatalk stack-based buffer overflow in ad_addcomment
CVE-2022-0194
- March 28, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.
Stack Overflow
Netatalk afp_getappl Heap Overflow < 3.1.13
CVE-2022-45188
7.8 - High
- November 12, 2022
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).
Heap-based Buffer Overflow
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c
CVE-2018-1160
9.8 - Critical
- December 20, 2018
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
Memory Corruption