cbcvebase.
CVE-2023-42464
published 2023-09-20


Priority: P2 (58)
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.79% (75.7th percentile)
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.
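The bug class the description names, shown as an added illustration written for this page in C; it is not Netatalk's code. The object header, the dictionary layout, the key name "kMDQuery" and every function name here are stand-ins chosen for the example, and the type string on each object stands in for whatever runtime type information the real allocator attaches. Both requests are constructed inline. The "before" handler takes the untyped pointer returned for a key and uses it as an array, exactly the caller-side assumption the advisory describes; the "after" handler checks the object's type first.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Illustrative model of the bug class, not Netatalk's code. Objects decoded from a
 * Spotlight RPC packet are allocated with a small header naming their type
 * (hypothetical; it stands in for the real allocator's type information), and the
 * dictionary maps string keys to such objects.
 */
typedef struct { const char *type; } obj_hdr_t;

static void *obj_new(const char *type, size_t size) {
    obj_hdr_t *h = calloc(1, sizeof *h + size);
    if (!h) abort();
    h->type = type;
    return h + 1;                       /* callers see only the payload */
}

const char *obj_type(const void *payload) {
    return ((const obj_hdr_t *)payload - 1)->type;
}

typedef struct { void **items; } sl_array_t;    /* items: NULL-terminated object list */
typedef struct { char *s; } sl_string_t;
typedef struct { uint64_t v; } sl_uint64_t;

typedef struct { const char *key; void *value; } sl_entry_t;
typedef struct { size_t count; sl_entry_t entries[4]; } sl_dict_t;

/* The contract the advisory describes: the object stored under a key, as an
   untyped pointer. Nothing here tells the caller what type it got. */
void *value_for_key(const sl_dict_t *d, const char *key) {
    for (size_t i = 0; i < d->count; i++)
        if (strcmp(d->entries[i].key, key) == 0)
            return d->entries[i].value;
    return NULL;
}

/* Two constructed requests (not captured traffic). The benign one carries an array
   under "kMDQuery"; the hostile one puts a uint64 there, which the wire format
   allows because dictionary values may be any supported type. Memory is not freed:
   this is a demonstration, not a daemon. */
sl_dict_t *build_request(int hostile) {
    sl_dict_t *d = calloc(1, sizeof *d);
    if (!d) abort();
    void *v;
    if (hostile) {
        sl_uint64_t *n = obj_new("sl_uint64_t", sizeof *n);
        n->v = 0x41414141u;             /* attacker-chosen bytes */
        v = n;
    } else {
        sl_string_t *s = obj_new("sl_string_t", sizeof *s);
        s->s = "kMDItemFSName==*";
        sl_array_t *a = obj_new("sl_array_t", sizeof *a);
        a->items = calloc(2, sizeof *a->items);   /* one item plus NULL terminator */
        if (!a->items) abort();
        a->items[0] = s;
        v = a;
    }
    d->entries[d->count++] = (sl_entry_t){ "kMDQuery", v };
    return d;
}

/* Before: the caller assumes the value is an array. With the hostile request the
   uint64's bytes are read as the items pointer, so on a little-endian 64-bit host
   the "pointer" is 0x41414141, chosen by the peer. Real code would dereference it
   next; this function stops short and just returns the value it would have used. */
uintptr_t query_items_unchecked(const sl_dict_t *d) {
    sl_array_t *arr = value_for_key(d, "kMDQuery");
    if (!arr) return 0;
    return (uintptr_t)arr->items;
}

/* After: verify the object's type before treating it as an array, and reject the
   packet otherwise. The item returned still needs its own type check by whoever
   uses it, for the same reason. */
void *query_first_item_checked(const sl_dict_t *d) {
    void *v = value_for_key(d, "kMDQuery");
    if (!v || strcmp(obj_type(v), "sl_array_t") != 0)
        return NULL;                    /* type mismatch: reject */
    sl_array_t *arr = v;
    return arr->items[0];
}

int main(void) {
    printf("unchecked, hostile request: items pointer = 0x%lx\n",
           (unsigned long)query_items_unchecked(build_request(1)));
    printf("checked, hostile request: %s\n",
           query_first_item_checked(build_request(1)) ? "accepted" : "rejected");
    return 0;
}
```

The check in the "after" handler is the shape of fix to look for when auditing other callers of a lookup that returns an untyped object: every use site must confirm the type, because the lookup itself cannot.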

Affected (9 ranges)

Vendor     Product        Version range                          Fixed in
debian     debian_linux   (not given)                            (not given)
debian     debian_linux   (not given)                            (not given)
debian     netatalk       < 3.1.12~ds-8+deb11u1 (bullseye)       3.1.12~ds-8+deb11u1 (bullseye)
netatalk   netatalk       >= 0, < 3.1.12~ds-8+deb11u1            3.1.12~ds-8+deb11u1
netatalk   netatalk       >= 0, < 3.1.17~ds-1                    3.1.17~ds-1
netatalk   netatalk       >= 0, < 3.1.17~ds-1                    3.1.17~ds-1
netatalk   netatalk       >= 0, < 3.1.12~ds-4ubuntu0.20.04.3     3.1.12~ds-4ubuntu0.20.04.3
netatalk   netatalk       >= 0, < 3.1.12~ds-9ubuntu0.22.04.3     3.1.12~ds-9ubuntu0.22.04.3
netatalk   netatalk       >= 3.1, < 3.1.17                       3.1.17

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered by specially crafted Spotlight RPC packets sent to the afpd (Apple Filing Protocol daemon) service; monitor for malformed or unexpected Spotlight RPC traffic targeting Netatalk's AFP port.
  • The function at the centre of the bug is dalloc_value_for_key() in afpd; the lack of type checking in its callers is what allows the type confusion. Focus code review and runtime monitoring on how each caller handles this function's return value.
  • Exploitation may manifest as heap corruption in the afpd process; monitor for afpd crashes, unexpected memory faults, or anomalous child processes spawned by afpd.
  • Only Netatalk 3.1.x before 3.1.17 is affected; the fixed Debian packages (3.1.12~ds-8+deb11u1 for bullseye, 3.1.17~ds-1 for sid/trixie/forky) are not vulnerable.
  • This issue is related to CVE-2023-34967; detection rules or patches for that CVE may give partial but not complete coverage of this one.
  • Debian scopes this as 'local' impact, which may change how some environments prioritise it, whereas the Ubuntu advisory describes it as exploitable via remote network traffic.

CVSS provenance

nvd            v3.1   9.8   CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv                   9.8   CRITICAL
vendor_ubuntu         9.8   CRITICAL
vendor_debian         5.3   MEDIUM