Cyber Resilience

CVE-2022-43634

Critical

Published: 29 March 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0399 (88.7th percentile)
Risk Priority: 22 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-43634 is a critical-severity heap-based buffer overflow (CWE-122) vulnerability in Netatalk. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 11.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-43634 is a heap-based buffer overflow in Netatalk that affects the dsi_writeinit function. The flaw stems from missing validation on the length of attacker-supplied data before it is copied into a fixed-size buffer on the heap. Successful exploitation grants remote code execution with root privileges and requires no authentication. The vulnerability carries a CVSS 3.1 base score of 9.8 and is tracked as CWE-122; it was originally reported as ZDI-CAN-17646.

Unauthenticated remote attackers can send a crafted DSI request to a vulnerable Netatalk server and achieve arbitrary code execution in the root context. Because the service typically listens on the network and runs with elevated privileges, compromise of the host follows directly from successful exploitation.

Public advisories and package updates from Debian LTS and Fedora document the availability of patched Netatalk builds that correct the length check in dsi_writeinit. A corresponding upstream pull request supplies the source-level fix for distributions that build from the Netatalk repository.

EPSS for the CVE rose from a low baseline to a peak of 0.1878 in January 2025 before receding to the current value of 0.0399, indicating measurable post-disclosure exploitation interest.

EU & UK References

Vulnerability details

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

netatalk
netatalk
3.1.13

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References