CVE-2023-42464
Published 2023-09-20
Priority: P258 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.79% (75.7th percentile)
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.
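The missing check described above, shown on a small model as an added example (not Netatalk's code): a dictionary with string keys and tagged values, and a lookup that makes the caller state the type it expects. All names here (`obj`, `dict_get`, `dict_get_typed`, `query_length`) and the sample dictionaries are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a Spotlight-style dictionary: string keys, tagged values. */
typedef enum { T_STRING, T_UINT64 } obj_type;

typedef struct {
    obj_type type;          /* tag set by the parser from the wire encoding */
    union {
        const char *str;    /* valid only when type == T_STRING */
        uint64_t    u64;    /* valid only when type == T_UINT64 (sender-chosen) */
    } v;
} obj;

typedef struct { const char *key; obj val; } entry;

/* Untyped lookup: returns the object stored under key, whatever its type. */
static const obj *dict_get(const entry *d, size_t n, const char *key) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(d[i].key, key) == 0) return &d[i].val;
    return NULL;
}

/* Typed lookup: a tag mismatch is reported like a missing key. */
static const obj *dict_get_typed(const entry *d, size_t n, const char *key, obj_type want) {
    const obj *o = dict_get(d, n, key);
    return (o != NULL && o->type == want) ? o : NULL;
}

/* Caller that needs a string under "query". Reading o->v.str straight from
 * dict_get() would reinterpret a wire integer as a pointer when the sender
 * stored a T_UINT64 there; the typed lookup rejects that packet instead. */
static long query_length(const entry *d, size_t n) {
    const obj *o = dict_get_typed(d, n, "query", T_STRING);
    if (o == NULL || o->v.str == NULL) return -1;   /* malformed request */
    return (long)strlen(o->v.str);
}

/* Constructed sample dictionaries: one well-formed, one with the wrong value type. */
static const entry good[] = { { "query", { T_STRING, { .str = "*.txt" } } } };
static const entry bad[]  = { { "query", { T_UINT64, { .u64 = 12345 } } } };

int main(void) {
    printf("good=%ld bad=%ld\n", query_length(good, 1), query_length(bad, 1));
    return 0;
}
```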
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | netatalk | < netatalk 3.1.12~ds-8+deb11u1 (bullseye) | netatalk 3.1.12~ds-8+deb11u1 (bullseye) |
| netatalk | netatalk | >= 0 < 3.1.12~ds-8+deb11u1 | 3.1.12~ds-8+deb11u1 |
| netatalk | netatalk | >= 0 < 3.1.17~ds-1 | 3.1.17~ds-1 |
| netatalk | netatalk | >= 0 < 3.1.17~ds-1 | 3.1.17~ds-1 |
| netatalk | netatalk | >= 0 < 3.1.12~ds-4ubuntu0.20.04.3 | 3.1.12~ds-4ubuntu0.20.04.3 |
| netatalk | netatalk | >= 0 < 3.1.12~ds-9ubuntu0.22.04.3 | 3.1.12~ds-9ubuntu0.22.04.3 |
| netatalk | netatalk | >= 3.1 < 3.1.17 | 3.1.17 |
Detection & IOCs (extracted from sources)
- Vulnerability is triggered via specially crafted Spotlight RPC packets sent to the afpd (Apple Filing Protocol daemon) service; monitor for malformed or unexpected Spotlight RPC traffic targeting Netatalk's AFP port
- The vulnerable function is dalloc_value_for_key() in afpd; lack of type checking in its callers allows type confusion; focus code review and runtime monitoring on this function's return value handling
- Exploitation may manifest as heap corruption in the afpd process; monitor for afpd crashes, unexpected memory faults, or anomalous child process spawning from afpd
- Vulnerability only affects Netatalk 3.1.x before 3.1.17; versions fixed in Debian bullseye (3.1.12~ds-8+deb11u1) and 3.1.17~ds-1 for sid/trixie/forky are not vulnerable
- This issue is related to CVE-2023-34967; detection rules or patches for that CVE may provide partial but not complete coverage for this vulnerability
- Debian scopes this as 'local' impact, which may affect risk prioritization in some environments, though the Ubuntu advisory describes it as exploitable via remote network traffic
CVSS provenance
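| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 5.3 | MEDIUM | — |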
OSV
netatalk vulnerability
osv·2023-12-12·CVSS 9.8
CVE-2023-42464 [CRITICAL] netatalk vulnerability
Florent Saudel and Arnaud Gatignol discovered that Netatalk incorrectly
handled certain specially crafted Spotlight requests. A remote attacker could
possibly use this issue to cause heap corruption and execute arbitrary code.
(CVE-2023-42464)
GHSA
GHSA-qv4g-5q5g-2vc3: A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3
ghsa_unreviewed·2023-09-20·CVSS 5.3
CVE-2023-42464 [MEDIUM] CWE-843 GHSA-qv4g-5q5g-2vc3: A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3
OSV
CVE-2023-42464: A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3
osv·2023-09-20·CVSS 5.3
CVE-2023-42464 [MEDIUM] CVE-2023-42464: A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3
Ubuntu
Netatalk vulnerability
vendor_ubuntu·2023-12-12·CVSS 9.8
CVE-2023-42464 [CRITICAL] Netatalk vulnerability
Title: Netatalk vulnerability
Summary: Netatalk could be made to crash or run programs if it received
specially crafted network traffic.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2023-42464: netatalk - A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd ...
vendor_debian·2023·CVSS 5.3
CVE-2023-42464 [MEDIUM] CVE-2023-42464: netatalk - A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd ...
Scope: local
bullseye: resolved (fixed in 3.1.12~ds-8+deb11u1)
forky: resolved (fixed in 3.1.17~ds-1)
sid: resolved (fixed in 3.1.17~ds-1)
trixie: resolved (fixed in 3.1.17~
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://github.com/Netatalk/netatalk/issues/486
- https://lists.debian.org/debian-lts-announce/2023/09/msg00031.html
- https://netatalk.io/security/CVE-2023-42464
- https://netatalk.sourceforge.io/
- https://netatalk.sourceforge.io/3.1/htmldocs/afpd.8.html
- https://netatalk.sourceforge.io/CVE-2023-42464.php
- https://www.debian.org/security/2023/dsa-5503
Published: 2023-09-20