How serious is CVE-2018-1160?

This vulnerability has a CVSS score of 9.8 out of 10, classified as CRITICAL severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2018-1160?

Yes, proof-of-concept exploit code for CVE-2018-1160 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2018-1160?

CVE-2018-1160 affects netatalk netatalk. Check the full CVE details for specific version information.

How do I fix CVE-2018-1160?

To remediate CVE-2018-1160, check for security patches from netatalk. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2018-1160

Critical

|9.8

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to run any code they want on a system using Netatalk, which could lead to complete control over that system. It can be exploited remotely without needing to log in, as long as the attacker can send specially crafted data to the affected software.

Technical Description

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeUnchanged

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$13,000($5K-$15K)

Vendor Response

Grade FPatched in 2611 days

Quick Information

Published

Dec 20, 2018

about 7 years ago

Last Modified

Feb 13, 2026

7 days ago

Vendor

netatalk

Product

netatalk

Related Vulnerabilities

CVE-2022-45188High

This vulnerability allows an attacker to execute malicious code remotely, potentially gaining full control over affected systems like FreeBSD, which is used in TrueNAS. It occurs when a specially crafted .appl file is processed, making it crucial for systems running vulnerable versions of Netatalk to be updated or secured.