TrueNAS Enterprise
TrueNAS SCALE
TrueNAS CORE
Compare Editions
TrueCommand
Software Status
FreeNAS
Compare Systems
F-Series
M-Series
H-Series
R-Series
Mini Series
Download TrueNAS SCALE
Download TrueNAS CORE
Get TrueNAS Enterprise
Contact an Enterprise SpecialistCVE-2022-0194 : netatalk - ad_addcomment Stack-based Buffer Overflow Remote Code Execution
Versions Affected : All versions prior to TrueNAS Core 12.0-U8.1
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
Base score
No workarounds available
- Disable affected AFP shares until upgrade is possible
- Upgrade to TrueNAS 12.0-U8.1
