Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-1160 — Out-of-bounds Write in Netatalk

CWE-787 — Out-of-bounds Write8 documents6 sources

Severity

9.8CRITICALNVD

EPSS

89.7%

top 0.43%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netatalk Synology Diskstation Manager Synology Router Manager +1 more

Timeline

PublishedDec 20

Latest updateMay 13

Description

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶NVDnetatalk/netatalk< 3.1.12

▶Debiannetatalk/netatalk< 2.2.6-2+2

▶CVEListV5netatalk/netatalkBefore 3.1.12

▶NVDsynology/router_manager1.2 — 1.2-7742-5

▶NVDsynology/diskstation_manager5.2 — 5.2-5967-9+2

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-j675-7hvj-qfw5: Netatalk before 3↗2022-05-13

▶

CVEList

CVE-2018-1160: Netatalk before 3↗2018-12-20

▶

OSV

CVE-2018-1160: Netatalk before 3↗2018-12-20

▶

💥Exploits & PoCs

Exploit-DB

QNAP Netatalk < 3.1.12 - Authentication Bypass↗2019-04-08

▶

Exploit-DB

Netatalk 3.1.12 - Authentication Bypass (PoC)↗2018-12-21

▶

Exploit-DB

Netatalk 3.1.12 - Authentication Bypass↗2018-12-21

▶

📋Vendor Advisories

Debian

CVE-2018-1160: netatalk - Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c...↗2018

▶