admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 03:02:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-23121.md

20 lines
1.0 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-23121](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23121)
![](https://img.shields.io/static/v1?label=Product&message=Netatalk&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-755%3A%20Improper%20Handling%20of%20Exceptional%20Conditions&color=brighgreen)
### Description
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/neutrinoguy/awesome-ics-writeups
Reference in New Issue Copy Permalink