CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

References

Affected packages

Git / github.com/netatalk/netatalk

Affected ranges

Type

GIT

Repo

https://github.com/netatalk/netatalk

Events

Introduced

Fixed

2e7f3cb25f1f4eb8ee0e5cbec1ed7bd40bca9031

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.1.12"
        }
    ]
}

Affected versions

Other

netatalk-3-1-10

netatalk-3-1-11

netatalk-3-1-2

netatalk-3-1-3

netatalk-3-1-4

netatalk-3-1-5

netatalk-3-1-6

netatalk-3-1-7

netatalk-3-1-8

netatalk-3-1-9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1160.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "1.2"
            },
            {
                "fixed": "1.2-7742-5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "5.2"
            },
            {
                "fixed": "5.2-5967-9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "6.1"
            },
            {
                "fixed": "6.1.7-15284-3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "6.2"
            },
            {
                "fixed": "6.2.1-23824-4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]