CVE-2023-42464

Published: 16 September 2023

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.

Notes

2.x versions and older do not support the spotlight
protocol, support introduced in 3.1.0
code affected shares origin with samba's mdssvc.c; this
issue is the netatalk version of the samba CVE-2023-34967

Status

Severity score breakdown

References

• https://kb.cert.org/vuls/id/408603
• https://github.com/Netatalk/netatalk/releases/tag/netatalk-3-1-17
• https://sourceforge.net/p/netatalk/mailman/message/37896632/
• https://netatalk.sourceforge.io/CVE-2023-42464.php
• https://ubuntu.com/security/notices/USN-6552-1
• https://www.cve.org/CVERecord?id=CVE-2023-42464
• NVD
• Launchpad
• Debian

Bugs

• https://github.com/Netatalk/netatalk/pull/485
• https://github.com/Netatalk/netatalk/issues/486