Critical vulnerabilities in Netatalk lead to remote code execution

In Netatalk, a server that implements the AppleTalk and Apple Filing Protocol (AFP) network protocols, six remotely exploitable vulnerabilities have been identified that allow code to be executed with root privileges by sending specially crafted packets. Netatalk is used by many manufacturers of storage devices (NAS) to provide file sharing and printer access from Apple computers; for example, it was used in Western Digital devices (the problem was resolved by removing Netatalk from the WD firmware). Netatalk is also included in many distributions, including OpenWRT (removed as of OpenWrt 22.03), Debian, Ubuntu, SUSE, Fedora and FreeBSD, but is not used by default. The issues were fixed in the Netatalk 3.1.13 release.

Identified issues:

  • CVE-2022-0194 - The ad_addcomment() function does not properly check the size of external data before copying it to a fixed-size buffer. The vulnerability allows an unauthenticated remote attacker to execute their code with root privileges.
  • CVE-2022-23121 - Incorrect error handling in the parse_entries() function, which occurs when parsing AppleDouble entries. The vulnerability allows an unauthenticated remote attacker to execute their code with root privileges.
  • CVE-2022-23122 - The setfilparams() function does not properly check the size of external data before copying it to a fixed-size buffer. The vulnerability allows an unauthenticated remote attacker to execute their code with root privileges.
  • CVE-2022-23124 - Lack of proper input validation in the get_finderinfo() method, resulting in a read from an area outside the allocated buffer. The vulnerability allows an unauthenticated remote attacker to leak information from process memory. When combined with other vulnerabilities, the flaw can also be used to execute code with root privileges.
  • CVE-2022-23125 - A size check is missing when extracting the "len" element in the copyapplfile() function before copying the data to a fixed-size buffer. The vulnerability allows an unauthenticated remote attacker to execute their code with root privileges.
  • CVE-2022-23123 - Lack of validation of outgoing data in the getdirparams() method, resulting in a read from an area outside the allocated buffer. The vulnerability allows an unauthenticated remote attacker to leak information from process memory.
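
The issues listed above fall into two defect classes: a copy into a fixed-size buffer without a size check, and a read past the end of an allocated buffer. The following added example (not Netatalk code and not part of the original article) shows the length checks that close both for a constructed length-prefixed record; the record layout, the buffer size and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DST_CAP 8   /* hypothetical fixed buffer size, not a Netatalk constant */

/* Constructed record layout (assumption): 2-byte big-endian length, then data. */
static const uint8_t PKT_OK[]       = {0x00, 0x03, 'a', 'b', 'c'};
static const uint8_t PKT_OVERREAD[] = {0x00, 0x10, 'a', 'b'};  /* claims 16, carries 2 */
static const uint8_t PKT_OVERFLOW[] = {0x00, 0x09, '1', '2', '3', '4', '5', '6', '7', '8', '9'};

/* Unsafe pattern, shown for contrast and never called here: the length comes
 * straight from the peer and is trusted for both the read and the write. */
void copy_field_unchecked(const uint8_t *pkt, size_t off, uint8_t *dst)
{
    size_t len = ((size_t)pkt[off] << 8) | pkt[off + 1];
    memcpy(dst, pkt + off + 2, len);
}

/* Hardened form: returns the number of bytes copied, or -1 on rejection. */
int copy_field_checked(const uint8_t *pkt, size_t pkt_len, size_t off,
                       uint8_t *dst, size_t dst_cap)
{
    if (pkt_len < 2 || off > pkt_len - 2)
        return -1;                    /* length field itself is out of range */
    size_t len = ((size_t)pkt[off] << 8) | pkt[off + 1];
    if (len > pkt_len - off - 2)
        return -1;                    /* source shorter than claimed: out-of-bounds read */
    if (len > dst_cap)
        return -1;                    /* destination too small: buffer overflow */
    memcpy(dst, pkt + off + 2, len);
    return (int)len;
}

/* Helper for the demo: run one constructed packet through the checked copy. */
int try_packet(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t dst[DST_CAP];
    return copy_field_checked(pkt, pkt_len, 0, dst, sizeof dst);
}

int main(void)
{
    printf("ok=%d overread=%d overflow=%d\n",
           try_packet(PKT_OK, sizeof PKT_OK),
           try_packet(PKT_OVERREAD, sizeof PKT_OVERREAD),
           try_packet(PKT_OVERFLOW, sizeof PKT_OVERFLOW));
    return 0;
}
```

The length is validated against the bytes actually received before it is validated against the destination, so a short packet is rejected without touching memory beyond it.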

Source: opennet.ru
