Name | CVE-2022-22995 |
Description | The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-3706-1, DLA-3968-1 |
Debian Bugs | 1053545 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
netatalk (PTS) | bullseye | 3.1.12~ds-8+deb11u1 | vulnerable |
netatalk | bullseye (security) | 3.1.12~ds-8+deb11u2 | fixed |
netatalk | forky, sid, trixie | 4.2.3~ds-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
netatalk | source | buster | 3.1.12~ds-3+deb10u5 | | DLA-3706-1 | |
netatalk | source | bullseye | 3.1.12~ds-8+deb11u2 | | DLA-3968-1 | |
netatalk | source | (unstable) | 3.1.18~ds-1 | | | 1053545 |
https://netatalk.sourceforge.io/CVE-2022-22995.php
https://github.com/Netatalk/netatalk/pull/509
https://github.com/Netatalk/netatalk/commit/9eb6d9d0ac17dca210ccbf05476a925a6b379dfb