Get a Quote (408) 943-4100

Commercial Support

TrueNAS.com Software Systems Company Community Security iX Portal Download

TrueNAS CORE

TrueNAS Enterprise

TrueNAS SCALE

Compare Editions

Software Status

FreeNAS

Compare Systems

F-Series

M-Series

X-Series

R-Series

Mini Series

About iXsystems Our Clients Reviews Careers Awards iX Blog & News iX Website Contact Us

Community Forum Discord TrueNAS GitHub TrueNAS Merch Store

Application Analytics Backup and Archival Cloud Data Mobility File Sharing iX Storj Media Creation Video Surveillance Virtualization

Industry Automotive Education Gaming Government Healthcare MSP Manufacturing Research & AI Media & Entertainment

Documentation Community Support Enterprise Support Plugins & Apps TrueNAS Security FAQ

ZFS Overview TrueNAS Blog Solution Guides Datasheets Case Studies Videos

Download TrueNAS CORE

Download TrueNAS SCALE

Get TrueNAS Enterprise

Compare TrueNAS Editions

Where to Buy

CVE-2022-0194 : netatalk - ad_addcomment Stack-based Buffer Overflow Remote Code Execution

Versions Affected : All versions prior to TrueNAS Core 12.0-U8.1

Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.

CVSS

Base score

Workaround

No workarounds available

Mitigation

Disable affected AFP shares until upgrade is possible
Upgrade to TrueNAS 12.0-U8.1

Commit

Further information

Back to CORE Archive

TrueNAS
CORE^TM | Enterprise^TM
Security TrueNAS SCALE Logo

TrueNAS
SCALE^TM | Enterprise^TM
Security TrueCommand Logo

TrueCommand^®
Security TrueNAS Enterprise Logo

TrueNAS^® | Enterprise
Hardware Solutions
Security