{"id":"CVE-2022-22995","details":"The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.","modified":"2026-05-18T05:53:40.268938718Z","published":"2022-03-25T23:15:08.410Z","related":["SUSE-SU-2023:4084-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"37"},{"last_affected":"38"},{"last_affected":"39"}]},{"cpes":["cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"westerndigital:my_cloud_dl2100_firmware","extracted_events":[{"fixed":"5.19.117"}]},{"cpes":["cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"westerndigital:my_cloud_dl4100_firmware","extracted_events":[{"fixed":"5.19.117"}]},{"cpes":["cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"westerndigital:my_cloud_ex2100_firmware","extracted_events":[{"fixed":"5.19.117"}]},{"cpes":["cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"westerndigital:my_cloud_ex2_ultra_firmware","extracted_events":[{"fixed":"5.19.117"}]},{"cpes":["cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"westerndigital:my_cloud_ex4100_firmware","extracted_events":[{"fixed":"5.19.117"}]},{"cpes":["cpe:2.3:o:westerndigital:my_cloud_firmware:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"westerndigital:my_cloud_firmware","extracted_events":[{"fixed":"5.19.117"}]},{"cpes":["cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"westerndigital:my_cloud_home_firmware","extracted_events":[{"fixed":"7.16-220"}]},{"cpes":["cpe:2.3:o:westerndigital:my_cloud_mirror_gen_2_firmware:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"westerndigital:my_cloud_mirror_gen_2_firmware","extracted_events":[{"fixed":"5.19.117"}]},{"cpes":["cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"westerndigital:my_cloud_pr2100_firmware","extracted_events":[{"fixed":"5.19.117"}]},{"cpes":["cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"westerndigital:my_cloud_pr4100_firmware","extracted_events":[{"fixed":"5.19.117"}]},{"cpes":["cpe:2.3:o:westerndigital:wd_cloud_firmware:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"westerndigital:wd_cloud_firmware","extracted_events":[{"fixed":"5.19.117"}]}]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"},{"type":"ADVISORY","url":"https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities"},{"type":"REPORT","url":"https://security.gentoo.org/glsa/202311-02"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/netatalk/netatalk","events":[{"introduced":"0"},{"fixed":"4be6b7fd47045601e97ad3f180f1164615f25a4d"}],"database_specific":{"cpe":"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"3.1.18"}]}}],"versions":["netatalk-3-1-17","netatalk-3-1-16","netatalk-3-1-15","netatalk-3-1-14","netatalk-3-1-13","netatalk-3-1-12","netatalk-3-1-11","netatalk-3-1-10","netatalk-3-1-9","netatalk-3-1-8","netatalk-3-1-7","netatalk-3-1-6","netatalk-3-1-5","netatalk-3-1-4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-22995.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}