Heap-based Buffer Overflow in Netatalk 3.1.13 Allows Remote Root Access via Crafted .appl File

CVE-2022-45188 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).
