{"id":"USN-6146-1","summary":"netatalk vulnerabilities","details":"It was discovered that Netatalk did not properly validate the length of\nuser-supplied data in the DSI structures. A remote attacker could possibly\nuse this issue to execute arbitrary code with the privileges of the user\ninvoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2021-31439)\n\nIt was discovered that Netatalk did not properly validate the length of\nuser-supplied data in the ad_addcomment function. A remote attacker could\npossibly use this issue to execute arbitrary code with root privileges.\nThis issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.\n(CVE-2022-0194)\n\nIt was discovered that Netatalk did not properly handle errors when parsing\nAppleDouble entries. A remote attacker could possibly use this issue to\nexecute arbitrary code with root privileges. This issue only affected\nUbuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-23121)\n\nIt was discovered that Netatalk did not properly validate the length of\nuser-supplied data in the setfilparams function. A remote attacker could\npossibly use this issue to execute arbitrary code with root privileges.\nThis issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.\n(CVE-2022-23122)\n\nIt was discovered that Netatalk did not properly validate the length of\nuser-supplied data in the getdirparams function. A remote attacker could\npossibly use this issue to execute arbitrary code with root privileges.\nThis issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04\nLTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23123)\n\nIt was discovered that Netatalk did not properly validate the length of\nuser-supplied data in the get_finderinfo function. A remote attacker could\npossibly use this issue to execute arbitrary code with root privileges.\nThis issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.\n(CVE-2022-23124)\n\nIt was discovered that Netatalk did not properly validate the length of\nuser-supplied data in the copyapplfile function. A remote attacker could\npossibly use this issue to execute arbitrary code with root privileges.\nThis issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04\nLTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23125)\n\nIt was discovered that Netatalk did not properly validate the length of\nuser-supplied data in the dsi_writeinit function. A remote attacker could\npossibly use this issue to execute arbitrary code with root privileges.\nThis issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu\n22.10. (CVE-2022-43634)\n\nIt was discovered that Netatalk did not properly manage memory under\ncertain circumstances. If a user were tricked into opening a specially\ncrafted .appl file, a remote attacker could possibly use this issue to\nexecute arbitrary code. (CVE-2022-45188)\n","modified":"2026-02-17T21:48:48.401401Z","published":"2023-06-08T09:57:44Z","related":["UBUNTU-CVE-2021-31439","UBUNTU-CVE-2022-0194","UBUNTU-CVE-2022-23121","UBUNTU-CVE-2022-23122","UBUNTU-CVE-2022-23123","UBUNTU-CVE-2022-23124","UBUNTU-CVE-2022-23125","UBUNTU-CVE-2022-43634","UBUNTU-CVE-2022-45188"],"upstream":["CVE-2021-31439","CVE-2022-0194","CVE-2022-23121","CVE-2022-23122","CVE-2022-23123","CVE-2022-23124","CVE-2022-23125","CVE-2022-43634","CVE-2022-45188","UBUNTU-CVE-2021-31439","UBUNTU-CVE-2022-0194","UBUNTU-CVE-2022-23121","UBUNTU-CVE-2022-23122","UBUNTU-CVE-2022-23123","UBUNTU-CVE-2022-23124","UBUNTU-CVE-2022-23125","UBUNTU-CVE-2022-43634","UBUNTU-CVE-2022-45188"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6146-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-31439"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0194"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-23121"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-23122"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-23123"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-23124"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-23125"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-43634"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-45188"}],"affected":[{"package":{"name":"netatalk","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/netatalk@2.2.2-1ubuntu2.2+esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.2-1ubuntu2.2+esm1"}]}],"versions":["2.2.2-1ubuntu1","2.2.2-1ubuntu2","2.2.2-1ubuntu2.2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"2.2.2-1ubuntu2.2+esm1","binary_name":"netatalk"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6146-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-23121"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-23123"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-23125"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-45188"}],"ecosystem":"Ubuntu:Pro:14.04:LTS"}}},{"package":{"name":"netatalk","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/netatalk@2.2.5-1ubuntu0.2+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.5-1ubuntu0.2+esm1"}]}],"versions":["2.2.5-1","2.2.5-1ubuntu0.2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"2.2.5-1ubuntu0.2+esm1","binary_name":"netatalk"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6146-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-23121"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-23123"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-23125"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-45188"}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"netatalk","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/netatalk@2.2.6-1ubuntu0.18.04.2+esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.6-1ubuntu0.18.04.2+esm1"}]}],"versions":["2.2.6-1","2.2.6-1ubuntu0.18.04.2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"2.2.6-1ubuntu0.18.04.2+esm1","binary_name":"netatalk"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6146-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-23121"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-23123"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-23125"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-45188"}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"netatalk","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/netatalk@3.1.12~ds-4ubuntu0.20.04.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.12~ds-4ubuntu0.20.04.1"}]}],"versions":["3.1.12~ds-3","3.1.12~ds-4"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.1.12~ds-4ubuntu0.20.04.1","binary_name":"netatalk"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6146-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-31439"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-0194"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-23121"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-23122"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-23123"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-23124"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-23125"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-43634"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-45188"}],"ecosystem":"Ubuntu:20.04:LTS"}}},{"package":{"name":"netatalk","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/netatalk@3.1.12~ds-9ubuntu0.22.04.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.12~ds-9ubuntu0.22.04.1"}]}],"versions":["3.1.12~ds-9","3.1.12~ds-9build1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.1.12~ds-9ubuntu0.22.04.1","binary_name":"netatalk"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6146-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-31439"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-0194"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-23121"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-23122"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-23123"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-23124"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-23125"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-43634"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-45188"}],"ecosystem":"Ubuntu:22.04:LTS"}}}],"schema_version":"1.7.3"}