Netatalk CVE Announcement


On March 21st 2022, the Netatalk project commited an update announcing 7 CVEs.

Of those six affect AFP on TrueNAS 12.0

  • CVE-2022-23121
  • CVE-2022-23123
  • CVE-2022-23122
  • CVE-2022-23125
  • CVE-2022-23124
  • CVE-2022-0194

The CVEs only affect TrueNAS CORE. TrueNAS SCALE is not vulnerable.

A fix for these CVEs has been completed, update any TrueNAS systems to version 12.0-U8.1 as soon as possible.

iXsystems strongly recommends using the SMB or NFS sharing protocols. Users with different sharing protocols are encouraged to consider migrating.

If you have a support contract with iXsystems and have further questions feel free to reach out to your Support representative.

Back to CORE Archive