Nixpkgs security tracker

Dismissed

Permalink CVE-2018-1160

9.8 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 3 months, 1 week ago by @LeSuisse Activity log

Created suggestion 3 months, 1 week ago
@LeSuisse dismissed 3 months, 1 week ago

Netatalk before 3.1.12 is vulnerable to an out of bounds …

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

References

http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html x_refsource_CONFIRMx_transferred
https://attachments.samba.org/attachment.cgi?id=14735 x_transferredx_refsource_MISC
106301 x_refsource_BIDvdb-entryx_transferred
46034 x_transferredexploitx_refsource_EXPLOIT-DB
https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/ x_transferredx_refsource_MISC
46048 x_transferredexploitx_refsource_EXPLOIT-DB
https://www.synology.com/security/advisory/Synology_SA_18_62 x_refsource_CONFIRMx_transferred
https://www.tenable.com/security/research/tra-2018-48 x_transferredx_refsource_MISC
DSA-4356 x_refsource_DEBIANx_transferredvendor-advisory
46675 x_transferredexploitx_refsource_EXPLOIT-DB
http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass… x_transferredx_refsource_MISC

Affected products

Netatalk

==Before 3.1.12

Matching in nixpkgs

pkgs.netatalk

Apple Filing Protocol Server

nixos-unstable 4.4.1
- nixpkgs-unstable 4.4.1
- nixos-unstable-small 4.4.1
nixos-25.11 4.2.4
- nixos-25.11-small 4.2.4
- nixpkgs-25.11-darwin 4.2.4

Package maintainers

@jcumming Jack Cummings <jack@mudshark.org>

Current stable branch was never impacted

https://github.com/NixOS/nixpkgs/commit/e8897ab7f6e1c0f73ee552acaf3ac909553c8f91

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.netatalk

Package maintainers