{"url":"http://public2.vulnerablecode.io/api/packages/396610?format=json","purl":"pkg:apk/alpine/netatalk@3.1.12-r0?arch=x86&distroversion=edge&reponame=community","type":"apk","namespace":"alpine","name":"netatalk","version":"3.1.12-r0","qualifiers":{"arch":"x86","distroversion":"edge","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.1.13-r0","latest_non_vulnerable_version":"4.5.0-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94569?format=json","vulnerability_id":"VCID-545e-f4qb-aybr","summary":"Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1160","reference_id":"","reference_type":"","scores":[{"value":"0.8569","scoring_system":"epss","scoring_elements":"0.99393","published_at":"2026-06-09T12:55:00Z"},{"value":"0.8748","scoring_system":"epss","scoring_elements":"0.99478","published_at":"2026-06-07T12:55:00Z"},{"value":"0.88837","scoring_system":"epss","scoring_elements":"0.99536","published_at":"2026-06-04T12:55:00Z"},{"value":"0.88837","scoring_system":"epss","scoring_elements":"0.99537","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1160"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/106301","reference_id":"106301","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T19:35:31Z/"}],"url":"http://www.securityfocus.com/bid/106301"},{"reference_url":"https://www.exploit-db.com/exploits/46034/","reference_id":"46034","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T19:35:31Z/"}],"url":"https://www.exploit-db.com/exploits/46034/"},{"reference_url":"https://www.exploit-db.com/exploits/46048/","reference_id":"46048","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T19:35:31Z/"}],"url":"https://www.exploit-db.com/exploits/46048/"},{"reference_url":"https://www.exploit-db.com/exploits/46675/","reference_id":"46675","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T19:35:31Z/"}],"url":"https://www.exploit-db.com/exploits/46675/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916930","reference_id":"916930","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916930"},{"reference_url":"https://attachments.samba.org/attachment.cgi?id=14735","reference_id":"attachment.cgi?id=14735","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T19:35:31Z/"}],"url":"https://attachments.samba.org/attachment.cgi?id=14735"},{"reference_url":"https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/","reference_id":"cve_2018_1160","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T19:35:31Z/"}],"url":"https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/46048.py","reference_id":"CVE-2018-1160","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/46048.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46034.py","reference_id":"CVE-2018-1160","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46034.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46675.py","reference_id":"CVE-2018-1160","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46675.py"},{"reference_url":"https://medium.com/tenable-techblog/exploiting-an-18-year-old-bug-b47afe54172","reference_id":"CVE-2018-1160","reference_type":"exploit","scores":[],"url":"https://medium.com/tenable-techblog/exploiting-an-18-year-old-bug-b47afe54172"},{"reference_url":"https://www.debian.org/security/2018/dsa-4356","reference_id":"dsa-4356","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T19:35:31Z/"}],"url":"https://www.debian.org/security/2018/dsa-4356"},{"reference_url":"http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html","reference_id":"QNAP-Netatalk-Authentication-Bypass.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T19:35:31Z/"}],"url":"http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html"},{"reference_url":"http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html","reference_id":"ReleaseNotes3.1.12.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T19:35:31Z/"}],"url":"http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_18_62","reference_id":"Synology_SA_18_62","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T19:35:31Z/"}],"url":"https://www.synology.com/security/advisory/Synology_SA_18_62"},{"reference_url":"https://www.tenable.com/security/research/tra-2018-48","reference_id":"tra-2018-48","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T19:35:31Z/"}],"url":"https://www.tenable.com/security/research/tra-2018-48"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/396610?format=json","purl":"pkg:apk/alpine/netatalk@3.1.12-r0?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/netatalk@3.1.12-r0%3Farch=x86&distroversion=edge&reponame=community"}],"aliases":["CVE-2018-1160"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-545e-f4qb-aybr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/netatalk@3.1.12-r0%3Farch=x86&distroversion=edge&reponame=community"}