How severe is CVE-2023-42464?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-42464?

This is classified as CWE-843, which is a common weakness in software security.

CVE-2023-42464 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.

Related Vulnerabilities

CVE-2012-0507

CRITICAL

CVSS:9.8(Critical)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to af...

CWE-8432012

CVE-2016-1000005

CRITICAL

CVSS:9.8(Critical)

mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9....

CWE-8432016

CVE-2018-9471

CRITICAL

CVSS:9.8(Critical)

In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no addition...

CWE-8432018

CVE-2019-10231

CRITICAL

CVSS:9.8(Critical)

Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).

CWE-8432019

CVE-2019-14537

CRITICAL

CVSS:9.8(Critical)

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.

CWE-8432019

CVE-2019-20571

CRITICAL

CVSS:9.8(Critical)

An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. There is type confusion in the WVDRM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14...

CWE-8432019