Test ID:	1.3.6.1.4.1.25623.1.0.124500
Category:	Buffer overflow
Title:	Netatalk 3.1.x < 3.1.17 RCE Vulnerability
Summary:	Netatalk is prone to a remote code execution (RCE); vulnerability.
Description:	Summary: Netatalk is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve remote code execution on the host. Vulnerability Impact: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. Affected Software/OS: Netatalk version 3.1.x prior to 3.1.17. Solution: Update to version 3.1.17 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-42464 Debian Security Information: DSA-5503 (Google Search) https://www.debian.org/security/2023/dsa-5503 https://netatalk.sourceforge.io/ https://netatalk.sourceforge.io/3.1/htmldocs/afpd.8.html https://netatalk.sourceforge.io/CVE-2023-42464.php https://lists.debian.org/debian-lts-announce/2023/09/msg00031.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.