DEBIAN-CVE-2022-22995

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-22995

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-22995.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-22995

Upstream

CVE-2022-22995

Published

2022-03-25T23:15:08Z

Modified

2025-09-30T05:15:34.269849Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

References

https://security-tracker.debian.org/tracker/CVE-2022-22995

Affected packages

Debian:11 / netatalk

Package

Name: netatalk
Purl: pkg:deb/debian/netatalk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.12~ds-8+deb11u2

Affected versions

3.*

3.1.12~ds-8

3.1.12~ds-8+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / netatalk

Package

Name: netatalk
Purl: pkg:deb/debian/netatalk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.18~ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / netatalk

Package

Name: netatalk
Purl: pkg:deb/debian/netatalk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.18~ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}