All errata/sisyphus/ALT-PU-2018-2964-1
ALT-PU-2018-2964-1

Package update netatalk in branch sisyphus

Version3.1.12-alt1
Task#218619
Published2018-12-26
Max severityCRITICAL
Severity:

Closed issues (2)

BDU:2019-01250
CRITICAL9.8

Уязвимость реализации протокола Netatalk, связанная с записью за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Published: 2019-04-04Modified: 2026-02-16
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2018-1160
CRITICAL9.8

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

Published: 2018-12-20Modified: 2026-02-13
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References