CVE-2023-42464
Published: 20 September 2023
Summary
CVE-2023-42464 is a critical-severity Type Confusion (CWE-843) vulnerability in Debian Linux. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 8.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A Type Confusion vulnerability exists in the Spotlight RPC functions within afpd of Netatalk 3.1.x versions prior to 3.1.17. The flaw occurs during parsing of Spotlight RPC packets that use key-value dictionaries, where callers of the dalloc_value_for_key() function perform no type checking on returned objects. This allows an attacker to manipulate pointer values, and the issue is assigned CWE-843 with a CVSS 3.1 score of 9.8.
An unauthenticated remote attacker can send specially crafted Spotlight RPC packets to an affected Netatalk server. Successful exploitation grants the ability to control memory pointers and theoretically achieve remote code execution on the host, with no user interaction or privileges required.
Public advisories, including the Netatalk security notice and the Debian LTS announcement, direct users to upgrade to Netatalk 3.1.17 or later to address the type-checking deficiency. The Netatalk project page and associated issue tracker provide the corresponding patch details.
The EPSS score remains low, with a current value of 0.0652 and a peak of 0.0770.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-46904
Vulnerability details
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.
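The missing check described above, as an added illustration in C (not Netatalk's code; the types and the names `value`, `entry`, `value_for_key`, `value_for_key_typed` and `query_string_len` are hypothetical): a dictionary lookup that makes the caller state the type it expects, so a value of the wrong type is rejected instead of having its bytes read as a pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical value types for a decoded RPC dictionary (not Netatalk's). */
typedef enum { T_INT64, T_STRING } val_type;

typedef struct {
    val_type type;             /* tag written by the packet decoder */
    union {
        int64_t     i64;       /* sender-chosen integer when T_INT64 */
        const char *str;       /* a valid pointer only when T_STRING */
    } u;
} value;

typedef struct { const char *key; value val; } entry;

/* Untyped lookup: returns whatever object is stored under the key. */
static const value *value_for_key(const entry *d, size_t n, const char *key)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(d[i].key, key) == 0)
            return &d[i].val;
    return NULL;
}

/* Typed lookup: a value whose tag differs from `want` counts as a miss. */
static const value *value_for_key_typed(const entry *d, size_t n,
                                        const char *key, val_type want)
{
    const value *v = value_for_key(d, n, key);
    return (v != NULL && v->type == want) ? v : NULL;
}

/* Handler that needs a string; returns its length, or -1 to reject the packet. */
static long query_string_len(const entry *d, size_t n)
{
    const value *v = value_for_key_typed(d, n, "query", T_STRING);
    if (v == NULL || v->u.str == NULL)
        return -1;             /* wrong type or missing key: union never read */
    return (long)strlen(v->u.str);
}

/* Constructed sample dictionaries standing in for two decoded packets. */
static const entry good_pkt[] = { { "query", { T_STRING, { .str = "*.txt" } } } };
static const entry bad_pkt[]  = { { "query", { T_INT64,  { .i64 = 0x1000 } } } };

int main(void)
{
    return (query_string_len(good_pkt, 1) == 5 &&
            query_string_len(bad_pkt, 1) == -1) ? 0 : 1;
}
```

Without the tag comparison, the handler would pass the integer stored in `bad_pkt` to `strlen()` as if it were an address, which is the pointer control the description refers to.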
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.