CVE-2022-43634
Published: 29 March 2023
Summary
CVE-2022-43634 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Netatalk. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 11.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-43634 is a heap-based buffer overflow in Netatalk that affects the dsi_writeinit function. The flaw stems from missing validation on the length of attacker-supplied data before it is copied into a fixed-size buffer on the heap. Successful exploitation grants remote code execution with root privileges and requires no authentication. The vulnerability carries a CVSS 3.1 base score of 9.8 and is tracked as CWE-122; it was originally reported as ZDI-CAN-17646.
Unauthenticated remote attackers can send a crafted DSI request to a vulnerable Netatalk server and achieve arbitrary code execution in the root context. Because the service typically listens on the network and runs with elevated privileges, compromise of the host follows directly from successful exploitation.
Public advisories and package updates from Debian LTS and Fedora document the availability of patched Netatalk builds that correct the length check in dsi_writeinit. A corresponding upstream pull request supplies the source-level fix for distributions that build from the Netatalk repository.
EPSS for the CVE rose from a low baseline to a peak of 0.1878 in January 2025 before receding to the current value of 0.0399, indicating measurable post-disclosure exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-46630
Vulnerability details
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.