Risk | High |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2022-23121 CVE-2022-23123 |
CWE-ID | CWE-755 CWE-125 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Slackware Linux Operating systems & Components / Operating system netatalk Operating systems & Components / Operating system package or component |
Vendor | Slackware |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU61620
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23121
CWE-ID:
CWE-755 - Improper Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper handling of exceptional conditions in the parse_entries function when parsing AppleDouble entries. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package netatalk.
Vulnerable software versionsSlackware Linux: 14.1 - 15.0
netatalk: before 3.1.16
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.424902
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61621
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23123
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the getdirparams method. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package netatalk.
Vulnerable software versionsSlackware Linux: 14.1 - 15.0
netatalk: before 3.1.16
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.424902
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.