{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-23124","assignerOrgId":"99f1926a-a320-47d8-bbb5-42feb611262e","assignerShortName":"zdi","dateUpdated":"2025-11-04T19:12:56.576Z","dateReserved":"2022-01-11T00:00:00.000Z","datePublished":"2023-03-28T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"99f1926a-a320-47d8-bbb5-42feb611262e","shortName":"zdi","dateUpdated":"2023-11-01T16:06:18.022Z"},"descriptions":[{"lang":"en","value":"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870."}],"affected":[{"vendor":"Netatalk","product":"Netatalk","versions":[{"version":"3.1.12","status":"affected"}]}],"references":[{"url":"https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-22-525/"},{"name":"[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"},{"name":"DSA-5503","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2023/dsa-5503"},{"name":"GLSA-202311-02","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202311-02"}],"credits":[{"lang":"en","value":"Theori \n(@theori_io)"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-125: Out-of-bounds Read","cweId":"CWE-125"}]}]},"adp":[{"title":"CVE Program Container","references":[{"url":"https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html","tags":["x_transferred"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-22-525/","tags":["x_transferred"]},{"name":"[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html"},{"name":"DSA-5503","tags":["vendor-advisory","x_transferred"],"url":"https://www.debian.org/security/2023/dsa-5503"},{"name":"GLSA-202311-02","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202311-02"},{"url":"https://www.kb.cert.org/vuls/id/709991"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T19:12:56.576Z"}}]}}