Luca Moro

**Name of the Vulnerable Software and Affected Versions** Netatalk (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this issue. The specific flaw exists within the `dsi writeinit` function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this issue to execute code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Samba (affected versions not specified) **Description** A flaw was found in Samba, where some SMB1 write requests were not correctly range-checked, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the server memory written to the file or printer. This issue may allow a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SMB and AFP (affected versions not specified) **Description** The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 11.3-PRERELEASE before r345378 FreeBSD versions 12.0-STABLE before r345377 FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p10 FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p4 **Description** A bug in the pf component of FreeBSD does not properly check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet. This allows a maliciously crafted ICMP/ICMP6 packet to bypass packet filter rules and be passed to a host that would otherwise be unavailable. **Recommendations** For FreeBSD versions 11.3-PRERELEASE before r345378, update to a version after r345378. For FreeBSD versions 12.0-STABLE before r345377, update to a version after r345377. For FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p10, update to 11.2-RELEASE-p10 or later. For FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p4, update to 12.0-RELEASE-p4 or later.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 11.2 before 11.2-RELEASE-p10 FreeBSD versions 11.3-PRERELEASE FreeBSD versions 12.0 before 12.0-RELEASE-p4 FreeBSD versions 12.0-STABLE before r347591 **Description** The issue is related to insufficient input validation in the PF IPv6 firewall. It can be exploited by a remote attacker using a specially crafted IPv6 packet, potentially allowing them to bypass existing access control policies or cause a denial of service. The problem lies in the incorrect handling of the last extension header offset from the last received packet instead of the first packet in the pf IPv6 fragment reassembly logic. **Recommendations** For FreeBSD versions 11.2 before 11.2-RELEASE-p10, update to 11.2-RELEASE-p10 or later. For FreeBSD versions 11.3-PRERELEASE, update to a version after r347591. For FreeBSD versions 12.0 before 12.0-RELEASE-p4, update to 12.0-RELEASE-p4 or later. For FreeBSD versions 12.0-STABLE before r347591, update to a version after r347591.