CVE-2022-45188

7.8 HIGH

📋 TL;DR

CVE-2022-45188 is a heap-based buffer overflow in the afp_getappl function of Netatalk's afpd daemon, reached when afpd parses a crafted .appl (application-mapping) file stored on a shared volume. It affects Netatalk through 3.1.13 and is fixed in 3.1.14. Because afpd session processes run with root privileges, successful exploitation yields code execution as root on some platforms, FreeBSD (the base of TrueNAS CORE) among them. Any deployment that serves Apple Filing Protocol (AFP) shares with Netatalk is exposed.

💻 Affected Systems

Products:
  • Netatalk
Versions: 3.1.13 and earlier (fixed in 3.1.14)
Operating Systems: Linux, FreeBSD, Other Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: On FreeBSD (the base of TrueNAS CORE) the overflow yields root because afpd's session children run with root privileges. The vulnerable code path is in afpd itself, not in an optional feature, so any host exporting AFP volumes with Netatalk is affected.

📦 What is this software?

Netatalk is an open-source implementation of the Apple Filing Protocol (AFP) for Linux, the BSDs and other Unix-like systems. Its afpd daemon serves file shares to macOS and classic Mac OS clients and is bundled in NAS distributions such as TrueNAS CORE.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attacker gains root privileges on vulnerable systems, leading to complete system compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Remote code execution with the privileges of the Netatalk service (often root), enabling file system access, service disruption, and lateral movement.

🟢

If Mitigated

Limited impact if proper network segmentation, least privilege, and monitoring are in place, potentially containing the attack to the affected service.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: No. The 7.8 score reflects a low-privilege precondition: the attacker needs an account (or guest access, where the administrator enabled it) that can place a file on an exported volume.
Complexity: LOW

Exploitation has two steps: place a crafted .appl file under a volume's .AppleDesktop directory (afpd stores application mappings there as <creator>.appl), then issue an FPGetAPPL request so that afp_getappl parses it. Both steps need access to the share, so the attacker must hold a valid share account, use guest access where it has been enabled (Netatalk's default 'uam list' is DHX/DHX2 only, so guest is off unless configured), or reach the same directory through another protocol such as SMB on a multi-protocol share. No exploit-specific network trick is involved; ordinary AFP traffic on 548/tcp carries the attack, which is why exposure to untrusted networks raises the risk.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Netatalk 3.1.14 or later

Vendor Advisory: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html (release notes of the last vulnerable version; the fix itself is listed in the 3.1.14 release notes)

Restart Required: Yes

Instructions:

1. Update Netatalk to 3.1.14 or later with your package manager (apt, dnf/yum, or pkg on FreeBSD) or from the upstream source. Distributions that backport security fixes may keep an older version string; in that case confirm that the package changelog names CVE-2022-45188.
2. Restart the service ('sudo systemctl restart netatalk'; on FreeBSD 'service netatalk restart'). A reload is not enough: clients connected before the upgrade are served by afpd children forked from the old binary.
3. Verify with 'netatalk -v' (or 'afpd -V', which also lists build options) that the reported version is 3.1.14 or later.

🔧 Temporary Workarounds

Disable AFP Service

linux

Temporarily disable the Netatalk AFP service if patching is not immediately possible.

sudo systemctl stop netatalk
sudo systemctl disable netatalk

Network Segmentation

linux

Restrict who can reach the AFP listener. AFP over TCP/IP (DSI) uses 548/tcp only, so a UDP rule adds nothing. Because '-A' appends, the DROP lands after any existing ACCEPT that already matches port 548; put ACCEPT rules for trusted client addresses ahead of it (or use '-I' to place the DROP first) and confirm the resulting order with 'iptables -L INPUT -n --line-numbers'.

sudo iptables -A INPUT -p tcp --dport 548 -j DROP

🧯 If You Can't Patch

  • Limit AFP exposure to trusted client addresses with host or perimeter firewall rules, and remove guest access and unused share accounts so that fewer principals can write files onto exported volumes.
  • Watch for afpd session processes crashing (segfaults) and for .appl files appearing under a volume's .AppleDesktop directory from accounts that do not run classic Mac clients; afpd does not log FPGetAPPL requests at its default log level, so crashes and file changes are the practical signals.

🔍 How to Verify

Check if Vulnerable:

Run 'netatalk -v' (or 'afpd -V') and compare the reported version with 3.1.14; anything below it, 3.1.13 included, still carries the unfixed afp_getappl. On Debian-based systems 'dpkg -l netatalk' shows the package version; on FreeBSD 'pkg info netatalk3' does. Distribution packages may ship a backported fix under an older upstream version number, so check the package changelog for CVE-2022-45188 before declaring such a host vulnerable.

Check Version:

netatalk -v

Verify Fix Applied:

After the update, 'netatalk -v' should report 3.1.14 or later, 'systemctl status netatalk' should show the service active with a start time after the upgrade, and 'ps -o pid,lstart,cmd -C afpd' should list no afpd process older than the restart (sessions established before it would otherwise still run the old binary).
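The version comparison above, as an added Python example that is not from the CVE page or from the Netatalk project: it extracts the dotted version from command output and compares it numerically, which avoids the string-comparison trap where "3.1.9" sorts after "3.1.14". The sample command outputs inside the block are constructed; only the presence of a dotted x.y.z number is assumed, and a distribution backport with an old version string will still be reported as vulnerable.

```python
"""Decide whether an installed Netatalk falls in the CVE-2022-45188 range.

Added example, not part of the CVE page or of Netatalk. The sample strings
are constructed to resemble `netatalk -v`, `dpkg -l` and `pkg info` output;
the parser relies only on the dotted x.y.z version they contain.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = (3, 1, 14)   # first release carrying the afp_getappl fix
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return the first dotted x.y.z version found in `text`, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(part) for part in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """Tuple comparison: (3, 1, 9) < (3, 1, 14), unlike the strings."""
    return version < FIXED_VERSION


def assess(text: str) -> str:
    """Classify command output as 'vulnerable', 'fixed' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "fixed"


def installed_version_output() -> str:
    """Run `netatalk -v` when the binary is present; empty string otherwise."""
    if shutil.which("netatalk") is None:
        return ""
    proc = subprocess.run(["netatalk", "-v"], capture_output=True, text=True)
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    # Constructed samples standing in for real command output.
    samples = {
        "netatalk -v": "netatalk 3.1.13 - Netatalk AFP server",
        "dpkg -l": "ii  netatalk  3.1.12~ds-8+deb11u1  amd64  Apple Filing Protocol service",
        "pkg info": "netatalk3-3.1.14,1",
    }
    for label, out in samples.items():
        print(f"{label} (constructed): {assess(out)}")
    live = installed_version_output()
    if live:
        print(f"installed: {assess(live)}")
```

A "vulnerable" verdict on a distribution package is a prompt to read the changelog, not a final answer; an "unknown" verdict means the output carried no dotted version and the command or package name should be checked.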

📡 Detection & Monitoring

Log Indicators:

  • afpd session processes terminated by SIGSEGV (Linux: a kernel 'afpd[pid]: segfault at' message; FreeBSD: 'pid N (afpd) ... exited on signal 11'), the footprint of a failed overflow attempt
  • New or modified .appl files under a volume's .AppleDesktop directory written by accounts that do not run classic Mac clients
  • Bursts of failed AFP logins, which would precede exploitation by an attacker who still lacks share credentials

Network Indicators:

  • Connections to 548/tcp from addresses outside the set expected to use AFP (AFP over TCP/IP uses 548/tcp only; there is no UDP transport)
  • Sessions that write into .AppleDesktop and then request application mappings (FPGetAPPL) shortly afterwards

SIEM Query:

"afpd" AND ("segfault" OR "exited on signal 11")

The terms "appl" and "buffer overflow" do not occur in afpd's output at its default log level, so a query on them never fires; the crash messages above come from the kernel log ('/var/log/kern.log' or '/var/log/messages'), which is where the query should be scoped.
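The detection logic described in this section, as an added Python example that is not from the CVE page or from Netatalk: it scans syslog-style lines for afpd crashes on both Linux and FreeBSD and for 548/tcp connections from outside a trusted address set, the latter taken from netfilter LOG lines. The sample log lines are constructed for the example; the field layouts follow the Linux kernel segfault message, the FreeBSD "exited on signal" message and the netfilter LOG format, and the trusted network is an assumption.

```python
"""Scan syslog-style lines for CVE-2022-45188-relevant signals.

Added example, not part of the CVE page or of Netatalk. Two signals:
  1. afpd processes dying with SIGSEGV, which is what a failed heap
     overflow in afp_getappl leaves behind (Linux kernel "segfault at"
     message, FreeBSD "exited on signal 11" message).
  2. Connections to 548/tcp from addresses outside a trusted set, read
     from netfilter LOG lines ("SRC=... PROTO=TCP ... DPT=548").
SAMPLE_LOG is constructed for this example.
"""
import ipaddress
import re
from typing import Dict, Iterable, List

# Linux: "kernel: [ts] afpd[PID]: segfault at ..."; FreeBSD: "pid PID (afpd), ... exited on signal 11"
CRASH_PATTERNS = [
    re.compile(r"kernel: (?:\[[^\]]*\] )?afpd\[(\d+)\]: segfault at"),
    re.compile(r"pid (\d+) \(afpd\),.*exited on signal 11"),
]
NETFILTER_RE = re.compile(r"SRC=(\S+) DST=(\S+) .*PROTO=TCP .*DPT=548\b")

SAMPLE_LOG = """\
Mar  3 10:01:12 nas kernel: [12345.678901] afpd[4321]: segfault at 0 ip 000055d2c1a3e4f0 sp 00007ffd3a1b2c30 error 4 in afpd[55d2c1a00000+80000]
Mar  3 10:02:40 nas kernel: afp-blocked IN=eth0 OUT= MAC=.. SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51522 DPT=548 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:03:05 nas kernel: afp-allowed IN=eth0 OUT= MAC=.. SRC=10.0.0.25 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=49201 DPT=548 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:04:00 nas sshd[777]: Accepted publickey for admin from 10.0.0.25 port 40022 ssh2
Mar  3 10:05:30 truenas kernel: pid 5150 (afpd), jid 0, uid 0: exited on signal 11 (core dumped)
"""


def afpd_crashes(lines: Iterable[str]) -> List[str]:
    """Return the PIDs of afpd processes reported as crashing with SIGSEGV."""
    pids = []
    for line in lines:
        for pattern in CRASH_PATTERNS:
            m = pattern.search(line)
            if m:
                pids.append(m.group(1))
                break
    return pids


def untrusted_afp_connections(lines: Iterable[str], trusted: Iterable[str]) -> List[str]:
    """Return source addresses that hit 548/tcp and are not inside any trusted CIDR."""
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted]
    hits = []
    for line in lines:
        m = NETFILTER_RE.search(line)
        if not m:
            continue
        src = ipaddress.ip_address(m.group(1))
        if not any(src in net for net in nets):
            hits.append(str(src))
    return hits


def triage(log_text: str, trusted: Iterable[str]) -> Dict[str, List[str]]:
    """Run both checks over a log blob and return the findings by category."""
    lines = log_text.splitlines()
    return {
        "afpd_crash_pids": afpd_crashes(lines),
        "untrusted_afp_sources": untrusted_afp_connections(lines, trusted),
    }


if __name__ == "__main__":
    # 10.0.0.0/24 is an assumed trusted client network for the example.
    for key, values in triage(SAMPLE_LOG, trusted=["10.0.0.0/24"]).items():
        print(f"{key}: {values or 'none'}")
```

The netfilter lines only exist if the firewall rule that accepts or drops port 548 carries a '-j LOG' (or nftables 'log') action ahead of the verdict; without it the second check has nothing to read, so add logging when you add the allowlist.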
