CVE-2022-22995

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-22995
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-22995.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-22995
Downstream
Related
Published
2022-03-25T23:15:08.410Z
Modified
2026-04-15T23:59:13.543354573Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "37"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "38"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "39"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "5.19.117"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "5.19.117"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "5.19.117"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "5.19.117"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "5.19.117"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:westerndigital:my_cloud_firmware:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "5.19.117"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "7.16-220"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:westerndigital:my_cloud_mirror_gen_2_firmware:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "5.19.117"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "5.19.117"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "5.19.117"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:westerndigital:wd_cloud_firmware:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "5.19.117"
                }
            ],
            "source": "CPE_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/netatalk/netatalk

Affected ranges

Type
GIT
Repo
https://github.com/netatalk/netatalk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4be6b7fd47045601e97ad3f180f1164615f25a4d
Database specific 
{
    "cpe": "cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.1.18"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

Other
netatalk-3-1-10
netatalk-3-1-11
netatalk-3-1-12
netatalk-3-1-13
netatalk-3-1-14
netatalk-3-1-15
netatalk-3-1-16
netatalk-3-1-17
netatalk-3-1-4
netatalk-3-1-5
netatalk-3-1-6
netatalk-3-1-7
netatalk-3-1-8
netatalk-3-1-9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-22995.json"