发布于3月6日3月6日 Members SUSE: CVE-2022-43634: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/09/2023 Created 02/14/2023 Added 02/13/2023 Modified 01/28/2025 Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646. Solution(s) suse-upgrade-libatalk12 suse-upgrade-netatalk suse-upgrade-netatalk-devel References https://attackerkb.com/topics/cve-2022-43634 CVE - 2022-43634
