This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.
Conclusion & alert: CVE-2022-23121 is rated High Risk (67.2/100): CVSS Critical severity, with high exploitation likelihood (EPSS 8.53%, 94th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 18.24% | 8.53% | -9.72% |
| 2 | 2026-06-09 | 16.82% | 18.24% | +1.42% |
| 3 | 2026-05-27 | — | 16.82% | — |
Full EPSS history (43 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | [email protected] |
| 9.8 | 3.0 | CRITICAL |
|
3.9 | 5.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
alpine
|
— | CVE-2022-23121: 1 source package rows (netatalk); 9 state rows across 7 repos (3.17-community, 3.18-community, 3.19-community, 3.20-community, 3.21-community, 3.22-community, edge-community); fixed 7, open 2. | https://security.alpinelinux.org/vuln/CVE-2022-23121 |
debian
|
not yet assigned | CVE-2022-23121 not yet assigned priority: Debian including 1 source packages (netatalk), 4 status rows across 4 suites (bullseye, forky, sid, trixie): resolved 4. | https://security-tracker.debian.org/tracker/CVE-2022-23121 |
gentoo
|
high | CVE-2022-23121: 1 GLSA(s) (202311-02), 1 atom(s) (net-fs/netatalk); latest impact high. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2022-23121 |
suse
|
critical | CVE-2022-23121 severity critical: SUSE including 3 source package names (libatalk12-3.1.0-3.8.1, netatalk-3.1.0-3.8.1, netatalk-devel-3.1.0-3.8.1), 5 product×package rows across 2 product lines (SUSE Linux Enterprise Software Development Kit 12 SP5, SUSE Linux Enterprise Workstation Extension 12 SP5): Fixed 5. | https://www.suse.com/security/cve/CVE-2022-23121/ |
ubuntu
|
high | CVE-2022-23121 high priority: Ubuntu including 1 source packages (netatalk), 9 status rows across 9 suites (bionic, focal, impish, jammy, kinetic, lunar, trusty, upstream, xenial): released 6, not-affected 2, ignored 1. | https://ubuntu.com/security/CVE-2022-23121 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| netatalk | netatalk | < 3.1.13 | cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* |
| debian | debian_linux | 10.0 | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
| debian | debian_linux | 11.0 | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html | Mailing List Third Party Advisory |
| https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html | Mailing List Third Party Advisory |
| https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html | Release Notes |
| https://security.gentoo.org/glsa/202311-02 | Issue Tracking Third Party Advisory |
| https://www.debian.org/security/2023/dsa-5503 | Third Party Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-22-527/ | Third Party Advisory VDB Entry |
| https://www.kb.cert.org/vuls/id/709991 |