DescriptionThe combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1053545

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
netatalk (PTS)buster3.1.12~ds-3vulnerable
buster (security)3.1.12~ds-3+deb10u4vulnerable
bullseye (security), bullseye3.1.12~ds-8+deb11u1vulnerable
sid, trixie3.1.18~ds-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


[bullseye] - netatalk <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems