Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-23121 (GCVE-0-2022-23121)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-11-04 19:12
VLAI
EPSS
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.
Severity
9.8 (Critical)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
7 references
Credits
NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:53.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"url": "https://www.kb.cert.org/vuls/id/709991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams) "
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T16:06:24.449Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"name": "DSA-5503",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-23121",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:53.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-23121",
"date": "2026-06-26",
"epss": "0.08525",
"percentile": "0.94362"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-23121\",\"sourceIdentifier\":\"zdi-disclosures@trendmicro.com\",\"published\":\"2023-03-28T19:15:10.203\",\"lastModified\":\"2026-06-17T04:29:32.993\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.\"}],\"affected\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"affectedData\":[{\"vendor\":\"Netatalk\",\"product\":\"Netatalk\",\"versions\":[{\"version\":\"3.1.12\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1.13\",\"matchCriteriaId\":\"24D5049D-2145-4D39-BFAC-6D810026956D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-02\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5503\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-22-527/\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5503\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/709991\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-22-527/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
CERTFR-2022-AVI-777
Vulnerability from certfr_avis - Published: 2022-08-30 - Updated: 2022-08-30
De multiples vulnérabilités ont été découvertes dans Synology DSM et SRM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Contournement provisoire
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Synology | DSM | Synology DiskStation Manager (DSM) versions 6.2.x antérieures à 6.2.4-25556-6 | ||
| Synology | SRM | Synology Router Manager (SRM) versions 1.3.x antérieures à 1.3-9193-1 | ||
| Synology | DSM | Synology DiskStation Manager (DSM) versions 7.0.x antérieures à 7.0.1-42218-4 | ||
| Synology | DSM | Synology DiskStation Manager (DSM) versions 7.1.x antérieures à 7.1-42661-1 | ||
| Synology | SRM | Synology Router Manager (SRM) versions 1.2.x antérieures à 1.2.5-8227-5 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Synology DiskStation Manager (DSM) versions 6.2.x ant\u00e9rieures \u00e0 6.2.4-25556-6",
"product": {
"name": "DSM",
"vendor": {
"name": "Synology",
"scada": false
}
}
},
{
"description": "Synology Router Manager (SRM) versions 1.3.x ant\u00e9rieures \u00e0 1.3-9193-1",
"product": {
"name": "SRM",
"vendor": {
"name": "Synology",
"scada": false
}
}
},
{
"description": "Synology DiskStation Manager (DSM) versions 7.0.x ant\u00e9rieures \u00e0 7.0.1-42218-4",
"product": {
"name": "DSM",
"vendor": {
"name": "Synology",
"scada": false
}
}
},
{
"description": "Synology DiskStation Manager (DSM) versions 7.1.x ant\u00e9rieures \u00e0 7.1-42661-1",
"product": {
"name": "DSM",
"vendor": {
"name": "Synology",
"scada": false
}
}
},
{
"description": "Synology Router Manager (SRM) versions 1.2.x ant\u00e9rieures \u00e0 1.2.5-8227-5",
"product": {
"name": "SRM",
"vendor": {
"name": "Synology",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n",
"cves": [
{
"name": "CVE-2022-23121",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23121"
},
{
"name": "CVE-2022-23123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23123"
},
{
"name": "CVE-2022-23125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23125"
},
{
"name": "CVE-2022-23122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23122"
},
{
"name": "CVE-2022-0194",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0194"
},
{
"name": "CVE-2022-23124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23124"
}
],
"initial_release_date": "2022-08-30T00:00:00",
"last_revision_date": "2022-08-30T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-777",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Synology DSM et\nSRM. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Synology DSM et SRM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Synology Synology_SA_22_06 du 30 ao\u00fbt 2022",
"url": "https://www.synology.com/fr-fr/security/advisory/Synology_SA_22_06"
}
]
}
FKIE_CVE-2022-23121
Vulnerability from fkie_nvd - Published: 2023-03-28 19:15 - Updated: 2026-06-17 04:29
Severity
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netatalk | netatalk | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"affected": [
{
"affectedData": [
{
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"status": "affected",
"version": "3.1.12"
}
]
}
],
"source": "zdi-disclosures@trendmicro.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24D5049D-2145-4D39-BFAC-6D810026956D",
"versionEndExcluding": "3.1.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819."
}
],
"id": "CVE-2022-23121",
"lastModified": "2026-06-17T04:29:32.993",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-28T19:15:10.203",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Release Notes"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/709991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-8CM2-F4G9-WJFM
Vulnerability from github – Published: 2023-03-28 21:30 – Updated: 2025-11-04 21:30
VLAI
Details
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2022-23121"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-28T19:15:00Z",
"severity": "CRITICAL"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.",
"id": "GHSA-8cm2-f4g9-wjfm",
"modified": "2025-11-04T21:30:33Z",
"published": "2023-03-28T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23121"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"type": "WEB",
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202311-02"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/709991"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-23121
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-23121",
"id": "GSD-2022-23121",
"references": [
"https://www.suse.com/security/cve/CVE-2022-23121.html",
"https://advisories.mageia.org/CVE-2022-23121.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-23121"
],
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.",
"id": "GSD-2022-23121",
"modified": "2023-12-13T01:19:35.440747Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2022-23121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netatalk",
"version": {
"version_data": [
{
"version_value": "3.1.12"
}
]
}
}
]
},
"vendor_name": "Netatalk"
}
]
}
},
"credit": "NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams) ",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755: Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html",
"refsource": "MISC",
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"name": "DSA-5503",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1.13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2022-23121"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
},
{
"name": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
},
{
"name": "DSA-5503",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5503"
},
{
"name": "GLSA-202311-02",
"refsource": "GENTOO",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202311-02"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-11-22T21:02Z",
"publishedDate": "2023-03-28T19:15Z"
}
}
}
SUSE-SU-2022:1184-1
Vulnerability from csaf_suse - Published: 2022-04-13 15:00 - Updated: 2022-04-13 15:00Summary
Security update for netatalk
Severity
Important
Notes
Title of the patch: Security update for netatalk
Description of the patch: This update for netatalk fixes the following issues:
- CVE-2022-23125: Fixed remote arbitrary code execution related to copyapplfile().
- CVE-2022-23121: Fixed remote arbitrary code execution related to parse_entries().
- CVE-2021-31439: Fixed remote arbitrary code execution related to dsi_stream_receive().
Patchnames: SUSE-2022-1184,SUSE-SLE-SDK-12-SP5-2022-1184,SUSE-SLE-WE-12-SP5-2022-1184
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.0-3.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for netatalk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for netatalk fixes the following issues:\n \n- CVE-2022-23125: Fixed remote arbitrary code execution related to copyapplfile().\n- CVE-2022-23121: Fixed remote arbitrary code execution related to parse_entries().\n- CVE-2021-31439: Fixed remote arbitrary code execution related to dsi_stream_receive().\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1184,SUSE-SLE-SDK-12-SP5-2022-1184,SUSE-SLE-WE-12-SP5-2022-1184",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1184-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1184-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221184-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1184-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010700.html"
},
{
"category": "self",
"summary": "SUSE Bug 1197352",
"url": "https://bugzilla.suse.com/1197352"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-31439 page",
"url": "https://www.suse.com/security/cve/CVE-2021-31439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23121 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23125 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23125/"
}
],
"title": "Security update for netatalk",
"tracking": {
"current_release_date": "2022-04-13T15:00:22Z",
"generator": {
"date": "2022-04-13T15:00:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1184-1",
"initial_release_date": "2022-04-13T15:00:22Z",
"revision_history": [
{
"date": "2022-04-13T15:00:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libatalk12-3.1.0-3.8.1.aarch64",
"product": {
"name": "libatalk12-3.1.0-3.8.1.aarch64",
"product_id": "libatalk12-3.1.0-3.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "netatalk-3.1.0-3.8.1.aarch64",
"product": {
"name": "netatalk-3.1.0-3.8.1.aarch64",
"product_id": "netatalk-3.1.0-3.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "netatalk-devel-3.1.0-3.8.1.aarch64",
"product": {
"name": "netatalk-devel-3.1.0-3.8.1.aarch64",
"product_id": "netatalk-devel-3.1.0-3.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libatalk12-3.1.0-3.8.1.i586",
"product": {
"name": "libatalk12-3.1.0-3.8.1.i586",
"product_id": "libatalk12-3.1.0-3.8.1.i586"
}
},
{
"category": "product_version",
"name": "netatalk-3.1.0-3.8.1.i586",
"product": {
"name": "netatalk-3.1.0-3.8.1.i586",
"product_id": "netatalk-3.1.0-3.8.1.i586"
}
},
{
"category": "product_version",
"name": "netatalk-devel-3.1.0-3.8.1.i586",
"product": {
"name": "netatalk-devel-3.1.0-3.8.1.i586",
"product_id": "netatalk-devel-3.1.0-3.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libatalk12-3.1.0-3.8.1.ppc64le",
"product": {
"name": "libatalk12-3.1.0-3.8.1.ppc64le",
"product_id": "libatalk12-3.1.0-3.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netatalk-3.1.0-3.8.1.ppc64le",
"product": {
"name": "netatalk-3.1.0-3.8.1.ppc64le",
"product_id": "netatalk-3.1.0-3.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netatalk-devel-3.1.0-3.8.1.ppc64le",
"product": {
"name": "netatalk-devel-3.1.0-3.8.1.ppc64le",
"product_id": "netatalk-devel-3.1.0-3.8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libatalk12-3.1.0-3.8.1.s390",
"product": {
"name": "libatalk12-3.1.0-3.8.1.s390",
"product_id": "libatalk12-3.1.0-3.8.1.s390"
}
},
{
"category": "product_version",
"name": "netatalk-3.1.0-3.8.1.s390",
"product": {
"name": "netatalk-3.1.0-3.8.1.s390",
"product_id": "netatalk-3.1.0-3.8.1.s390"
}
},
{
"category": "product_version",
"name": "netatalk-devel-3.1.0-3.8.1.s390",
"product": {
"name": "netatalk-devel-3.1.0-3.8.1.s390",
"product_id": "netatalk-devel-3.1.0-3.8.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libatalk12-3.1.0-3.8.1.s390x",
"product": {
"name": "libatalk12-3.1.0-3.8.1.s390x",
"product_id": "libatalk12-3.1.0-3.8.1.s390x"
}
},
{
"category": "product_version",
"name": "netatalk-3.1.0-3.8.1.s390x",
"product": {
"name": "netatalk-3.1.0-3.8.1.s390x",
"product_id": "netatalk-3.1.0-3.8.1.s390x"
}
},
{
"category": "product_version",
"name": "netatalk-devel-3.1.0-3.8.1.s390x",
"product": {
"name": "netatalk-devel-3.1.0-3.8.1.s390x",
"product_id": "netatalk-devel-3.1.0-3.8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libatalk12-3.1.0-3.8.1.x86_64",
"product": {
"name": "libatalk12-3.1.0-3.8.1.x86_64",
"product_id": "libatalk12-3.1.0-3.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "netatalk-3.1.0-3.8.1.x86_64",
"product": {
"name": "netatalk-3.1.0-3.8.1.x86_64",
"product_id": "netatalk-3.1.0-3.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "netatalk-devel-3.1.0-3.8.1.x86_64",
"product": {
"name": "netatalk-devel-3.1.0-3.8.1.x86_64",
"product_id": "netatalk-devel-3.1.0-3.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libatalk12-3.1.0-3.8.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.aarch64"
},
"product_reference": "libatalk12-3.1.0-3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libatalk12-3.1.0-3.8.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.ppc64le"
},
"product_reference": "libatalk12-3.1.0-3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libatalk12-3.1.0-3.8.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.s390x"
},
"product_reference": "libatalk12-3.1.0-3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libatalk12-3.1.0-3.8.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.x86_64"
},
"product_reference": "libatalk12-3.1.0-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-3.1.0-3.8.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.aarch64"
},
"product_reference": "netatalk-3.1.0-3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-3.1.0-3.8.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.ppc64le"
},
"product_reference": "netatalk-3.1.0-3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-3.1.0-3.8.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.s390x"
},
"product_reference": "netatalk-3.1.0-3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-3.1.0-3.8.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.x86_64"
},
"product_reference": "netatalk-3.1.0-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-devel-3.1.0-3.8.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.aarch64"
},
"product_reference": "netatalk-devel-3.1.0-3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-devel-3.1.0-3.8.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.ppc64le"
},
"product_reference": "netatalk-devel-3.1.0-3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-devel-3.1.0-3.8.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.s390x"
},
"product_reference": "netatalk-devel-3.1.0-3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-devel-3.1.0-3.8.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.x86_64"
},
"product_reference": "netatalk-devel-3.1.0-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libatalk12-3.1.0-3.8.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.8.1.x86_64"
},
"product_reference": "libatalk12-3.1.0-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-3.1.0-3.8.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.0-3.8.1.x86_64"
},
"product_reference": "netatalk-3.1.0-3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-31439"
}
],
"notes": [
{
"category": "general",
"text": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.0-3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-31439",
"url": "https://www.suse.com/security/cve/CVE-2021-31439"
},
{
"category": "external",
"summary": "SUSE Bug 1197352 for CVE-2021-31439",
"url": "https://bugzilla.suse.com/1197352"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.0-3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.0-3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-13T15:00:22Z",
"details": "critical"
}
],
"title": "CVE-2021-31439"
},
{
"cve": "CVE-2022-23121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23121"
}
],
"notes": [
{
"category": "general",
"text": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.0-3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23121",
"url": "https://www.suse.com/security/cve/CVE-2022-23121"
},
{
"category": "external",
"summary": "SUSE Bug 1197352 for CVE-2022-23121",
"url": "https://bugzilla.suse.com/1197352"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.0-3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.0-3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-13T15:00:22Z",
"details": "critical"
}
],
"title": "CVE-2022-23121"
},
{
"cve": "CVE-2022-23125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23125"
}
],
"notes": [
{
"category": "general",
"text": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.0-3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23125",
"url": "https://www.suse.com/security/cve/CVE-2022-23125"
},
{
"category": "external",
"summary": "SUSE Bug 1197352 for CVE-2022-23125",
"url": "https://bugzilla.suse.com/1197352"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.0-3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.8.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.0-3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-13T15:00:22Z",
"details": "critical"
}
],
"title": "CVE-2022-23125"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…