Home > Vulnerability Database > CVE-2022-23123

Mend.io Vulnerability Database

CVE-2022-23123

Date: March 28, 2023

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.

Severity Score

10.0

Related Resources (10)

Url: https://www.zerodayinitiative.com/advisories/ZDI-22-528/

Url: https://security-tracker.debian.org/tracker/CVE-2022-23123

Url: https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html

Url: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html

Url: https://lists.debian.org/debian-lts-announce/2023/08/msg00016.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23123

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-23123

Url: https://www.debian.org/security/2023/dsa-5503

Url: https://security.gentoo.org/glsa/202311-02

Url: https://www.mend.io/vulnerability-database/CVE-2022-23123

Severity Score

10.0

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	10.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-23123

Date: March 28, 2023

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?