CVE-2022-0194 : netatalk - ad_addcomment Stack-based Buffer Overflow Remote Code Execution
Versions Affected : All versions prior to TrueNAS Core 12.0-U8.1
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
No workarounds available
- Disable affected AFP shares until upgrade is possible
- Upgrade to TrueNAS 12.0-U8.1