QwikSec

Security Database

CVE

CWE

Training

CVE-2018-1160

Published: Dec 20, 2018

Modified: Feb 13, 2026

PUBLISHED

Description

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

Vendor	Product	Versions
Netatalk	Netatalk	affected `Before 3.1.12`

Weaknesses (CWE)

References

http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html

x_refsource_CONFIRM

https://attachments.samba.org/attachment.cgi?id=14735

x_refsource_MISC

vdb-entry

x_refsource_BID

exploit

x_refsource_EXPLOIT-DB

https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

https://www.synology.com/security/advisory/Synology_SA_18_62

x_refsource_CONFIRM

https://www.tenable.com/security/research/tra-2018-48

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

exploit

x_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.