What is CVE-2018-1160?

CVE-2018-1160 is a vulnerability in Netatalk, classified under Out-of-bounds Write. Published 2018-12-20.

Is CVE-2018-1160 known to be exploited?

11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Netatalk

CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary co…

Vulnerability class: Buffer Overflow

EPSS: 0.888 (99.5th percentile) — read the EPSS interpretation.

Affected products

Netatalk — versions Before 3.1.12

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

Public proof-of-concept exploits

References

netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html (x_refsource_CONFIRM)
attachments.samba.org/attachment.cgi (x_refsource_MISC)
106301 (vdb-entry, x_refsource_BID)
46034 (exploit, x_refsource_EXPLOIT-DB)
github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/ (x_refsource_MISC)
46048 (exploit, x_refsource_EXPLOIT-DB)
www.synology.com/security/advisory/Synology_SA_18_62 (x_refsource_CONFIRM)
www.tenable.com/security/research/tra-2018-48 (x_refsource_MISC)
DSA-4356 (vendor-advisory, x_refsource_DEBIAN)
46675 (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2018-1160?: CVE-2018-1160 is a vulnerability in Netatalk, classified under Out-of-bounds Write. Published 2018-12-20.
Is CVE-2018-1160 known to be exploited?: 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.