admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/23xxx/CVE-2022-23121.json

84 lines
3.1 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2022-01-11 18:01:11 +00:00
{
"-Synchronized-Data."
2023-03-28 19:00:35 +00:00
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2022-23121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netatalk",
"version": {
"version_data": [
{
"version_value": "3.1.12"
}
]
}
}
]
},
"vendor_name": "Netatalk"
ZDI assigns the following 2022 CVEs: M 2022/0xxx/CVE-2022-0194.json M 2022/0xxx/CVE-2022-0650.json M 2022/1xxx/CVE-2022-1229.json M 2022/1xxx/CVE-2022-1230.json M 2022/23xxx/CVE-2022-23121.json M 2022/23xxx/CVE-2022-23122.json M 2022/23xxx/CVE-2022-23123.json M 2022/23xxx/CVE-2022-23124.json M 2022/23xxx/CVE-2022-23125.json M 2022/24xxx/CVE-2022-24352.json M 2022/24xxx/CVE-2022-24353.json M 2022/24xxx/CVE-2022-24672.json M 2022/24xxx/CVE-2022-24673.json M 2022/24xxx/CVE-2022-24674.json M 2022/24xxx/CVE-2022-24907.json M 2022/24xxx/CVE-2022-24908.json M 2022/24xxx/CVE-2022-24972.json M 2022/24xxx/CVE-2022-24973.json
2023-03-28 13:00:34 -05:00
}
]
}
"-Synchronized-Data."
2023-03-28 19:00:35 +00:00
},
"credit": "NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams) ",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755: Improper Handling of Exceptional Conditions"
}
]
}
"-Synchronized-Data."
2022-01-11 18:01:11 +00:00
]
"-Synchronized-Data."
2023-03-28 19:00:35 +00:00
},
"references": {
"reference_data": [
{
"url": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html",
"refsource": "MISC",
"name": "https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-527/"
"-Synchronized-Data."
2023-05-17 01:00:42 +00:00
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"
"-Synchronized-Data."
2023-06-01 20:00:37 +00:00
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html"
"-Synchronized-Data."
2023-03-28 19:00:35 +00:00
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
"-Synchronized-Data."
2022-01-11 18:01:11 +00:00
}
"-Synchronized-Data."
2023-03-28 19:00:35 +00:00
}
Reference in New Issue Copy Permalink