 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2023-42464 |
| Description: | A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967. |
| Test IDs: | 1.3.6.1.4.1.25623.1.1.1.2.2023.3584 1.3.6.1.4.1.25623.1.1.12.2023.6552.1 1.3.6.1.4.1.25623.1.1.13.2023.261.01 1.3.6.1.4.1.25623.1.0.124500 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-42464 Debian Security Information: DSA-5503 (Google Search) https://www.debian.org/security/2023/dsa-5503 https://netatalk.sourceforge.io/ https://netatalk.sourceforge.io/3.1/htmldocs/afpd.8.html https://netatalk.sourceforge.io/CVE-2023-42464.php https://lists.debian.org/debian-lts-announce/2023/09/msg00031.html |