Netatalk contains multiple error and memory management vulnerabilities

Main / Netatalk contains multiple error and memory management vulnerabilities

Discription

### Overview

There are six new vulnerabilities in the latest release of Netatalk (3.1.12) that could allow for Remote Code Execution as well as Out-of-bounds Read.

### Description

Below are the new CVEs. Per ZDI:

**CVE-2022-0194** This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.

**CVE-2022-23121** This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root.

**CVE-2022-23122** This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.

**CVE-2022-23124** This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

**CVE-2022-23125** This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.

**CVE-2022-23123** This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

For more detailed information, please review the Netatalk announcement. Also available for reference are releases detailing the information from ZDI & Western Digital.

Netatalk does not regularly receive security updates, is receiving security research attention, and is difficlut to get right because reverse engineering a proprietary protocol. WD has removed Netatalk code from NAS firmware. We suggest Samba+vfs_fruit for longer term use (more likely to get security updates in a timely way). (see samba vfs_fruit vuls).

### Impact

An unauthenticated, remote attacker can execute arbitrary code on affected installations of Netatalk.

### Solution

Netatalk has released version [3.1.13]().

### Acknowledgements

Thanks to ZDI, Western Digital, and Netatalk for researching and coordinating these vulnerabilities.

This document was written by James Stanley and Art Manion.

### Vendor Information

709991

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

### OpenWRT __ Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 25, 2022**

#### Vendor Statement

The Netatalk application in the OpenWrt package feed was updated to version 3.1.13 in OpenWrt 19.07 and OpenWrt 21.02 branch. Updated ipkg files were generated. Netatalk is not included in the default images. Netatalk was removed from OpenWrt master and OpenWrt 22.03.

https://github.com/openwrt/packages/commit/951ef67479dbf52af124671d367dd5e1a6d16121 https://github.com/openwrt/packages/commit/165c5625a3c696a37665d62b849eaa85b4d3815a

### SUSE Linux Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 24, 2022**

#### Vendor Statement

We have not received a statement from the vendor.

### Advantech Czech __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 21, 2022**

#### Vendor Statement

There is no Netatalk in the ICR-xxxx products.

### Android Open Source Project Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 21, 2022**

#### Vendor Statement

We have not received a statement from the vendor.

### Aruba Networks Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 25, 2022**

#### Vendor Statement

We have not received a statement from the vendor.

### AVM GmbH __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 21, 2022**

#### Vendor Statement

AVM doesn’t utilize software from the netatalk project within its products.

### Belden Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 21, 2022**

#### Vendor Statement

We have not received a statement from the vendor.

### Brocade Communication Systems __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: April 06, 2022**

**CVE-2022-0194**| Not Affected
—|—
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.
**CVE-2022-23121**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.
**CVE-2022-23122**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.
**CVE-2022-23123**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.
**CVE-2022-23124**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.
**CVE-2022-23125**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.

#### Vendor Statement

No Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.

### Check Point __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 22, 2022**

#### Vendor Statement

Check Point doesn’t use Netatalk.

### Cisco Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: April 20, 2022**

#### Vendor Statement

We have not received a statement from the vendor.

### Cradlepoint __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: May 02, 2022**

#### Vendor Statement

Cradlepoint does not implement Netatalk in any of its products or services.

### Dell SecureWorks Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 21, 2022**

#### Vendor Statement

We have not received a statement from the vendor.

### Digi International __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: May 31, 2022**

**CVE-2022-0194**| Not Affected
—|—
**Vendor Statement:**
We do not utilize this apple based filing protocol on our products as per our internal review, and thus are not affected.
**CVE-2022-23121**| Not Affected
**Vendor Statement:**
We do not utilize this apple based filing protocol on our products as per our internal review, and thus are not affected.
**CVE-2022-23122**| Not Affected
**Vendor Statement:**
We do not utilize this apple based filing protocol on our products as per our internal review, and thus are not affected.
**CVE-2022-23123**| Not Affected
**Vendor Statement:**
We do not utilize this apple based filing protocol on our products as per our internal review, and thus are not affected.
**CVE-2022-23124**| Not Affected
**Vendor Statement:**
We do not utilize this apple based filing protocol on our products as per our internal review, and thus are not affected.
**CVE-2022-23125**| Not Affected
**Vendor Statement:**
We do not utilize this apple based filing protocol on our products as per our internal review, and thus are not affected.

#### Vendor Statement

We do not utilize this apple based filing protocol on our products as per our internal review, and thus are not affected.

### eCosCentric __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 21, 2022**

#### Vendor Statement

Do not use Netatalk in our RTOS

### HardenedBSD __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 22, 2022**

#### Vendor Statement

Though HardenedBSD provides netatalk3 in ports/packages, HardenedBSD does not distribute netatalk code in the base operating system. As such, HardenedBSD is not affected.

### Hewlett Packard Enterprise Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 21, 2022**

#### Vendor Statement

We have not received a statement from the vendor.

### Illumos __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 21, 2022**

#### Vendor Statement

netatalk is not part of basic illumos. Some distributions MAY have it, but illumos itself does not.

### Intel Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 30, 2022**

#### Vendor Statement

We have not received a statement from the vendor.

### Joyent __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 21, 2022**

#### Vendor Statement

SmartOS does not ship netatalk. Users can get netatalk from pkgsrc, but this case is a problem for pkgsrc, not SmartOS.

### lwIP Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 21, 2022**

#### Vendor Statement

We have not received a statement from the vendor.

### Muonics Inc. __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: April 20, 2022**

#### Vendor Statement

Muonics does not use Netatalk in any of its products and is thus not vulnerable.

### Paessler Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 28, 2022**

#### Vendor Statement

We have not received a statement from the vendor.

### Peplink Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: June 07, 2022**

#### Vendor Statement

We have not received a statement from the vendor.

### pfSense __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 22, 2022**

#### Vendor Statement

pfSense software does not include Netatalk in the base installation or or in any add-on packages.

### Phoenix Contact __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 24, 2022**

#### Vendor Statement

Phoenix Contact products do not support or implement Netatalk.

### Red Hat __ Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 23, 2022**

#### Vendor Statement

Red Hat products are not affected by the listed CVE(s) associated with this issue.

### Treck Not Affected

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: March 21, 2022**

#### Vendor Statement

We have not received a statement from the vendor.

### A10 Networks Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### ACCESS Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Actelis Networks Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Actiontec Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### ADATA Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### ADTRAN Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Advantech B-B Technology Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Advantech Taiwan Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Aerohive Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### AhnLab Inc Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### AirWatch Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Akamai Technologies Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Alcatel-Lucent Enterprise Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Allied Telesis Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Alpine Linux Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Altran Intelligent Systems Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Amazon Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### ANTlabs Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Apple Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Arcadyan Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Arch Linux Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Arista Networks Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### ARRIS Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### ASUSTeK Computer Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Atheros Communications Inc Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### AT&T Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Avaya Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Barracuda Networks Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Belkin Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Bell Canada Enterprises Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### BlackBerry Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Blackberry QNX Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### BlueCat Networks Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Blue Coat Systems Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Blunk Microsystems Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### BoringSSL Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Broadcom Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Buffalo Technology Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Cambium Networks Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### CA Technologies Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Ceragon Networks Inc Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Cirpack Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### CMX Systems Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Comcast Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Commscope Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Contiki OS Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Cricket Wireless Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Cypress Semiconductor Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### CZ.NIC Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### dd-wrt Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Debian GNU/Linux Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Dell Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Dell EMC Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### DesktopBSD Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Deutsche Telekom Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Devicescape Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### D-Link Systems Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### dnsmasq Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### DragonFly BSD Project Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### eero Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### EfficientIP Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### ENEA Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Ericsson Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Espressif Systems Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### European Registry for Internet Domains Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Express Logic Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Extreme Networks Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### F5 Networks Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Fastly Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Fedora Project Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### FNet Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Force10 Networks Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Fortinet Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### FreeBSD Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### FreeRTOS Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### F-Secure Corporation Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Gentoo Linux Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### GFI Software Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### GNU adns Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### GNU glibc Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Google Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Grandstream Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Green Hills Software Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### HCC Embedded Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Hitachi Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Honeywell Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### HP Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### HTC Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Huawei Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### IBM Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### IBM Corporation (zseries) Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### IBM Numa-Q Division (Formerly Sequent) Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### ICASI Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Infoblox Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### InfoExpress Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Inmarsat Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Internet Initiative Japan Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Internet Systems Consortium Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Internet Systems Consortium – DHCP Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### IP Infusion Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### JH Software Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### JPCERT/CC Vulnerability Handling Team Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Juniper Networks Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### kubernetes Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### LANCOM Systems GmbH Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Lancope Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Lantronix Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Lenovo Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### LG Electronics Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### LibreSSL Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Linksys Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### LITE-ON Technology Corporation Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### LiteSpeed Technologies Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Lynx Software Technologies Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### m0n0wall Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Marconi Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Marvell Semiconductor Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### McAfee Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### MediaTek Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Medtronic Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Men & Mice Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Metaswitch Networks Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Microchip Technology Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Micro Focus Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Microsoft Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### MikroTik Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Miredo Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Mitel Networks Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Motorola Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### National Cyber Security Center Netherlands Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### National Cyber Security Centre Finland Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### NCSC-FI Vulnerability Coordinator Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### NEC Corporation Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Netatalk Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### NetBSD Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### NetBurner Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### NetComm Wireless Limited Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### NETGEAR Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### NETSCOUT Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### netsnmp Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### netsnmpj Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Nexenta Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### NIKSUN Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Nixu Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### NLnet Labs Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Nokia Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### OleumTech Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### OpenBSD Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### OpenConnect Ltd Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### OpenDNS Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### OpenIndiana Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### OpenSSL Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Openwall GNU/*/Linux Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Oracle Corporation Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Oryx Embedded Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Palo Alto Networks Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Philips Electronics Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### PHPIDS Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### PowerDNS Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Proxim Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Pulse Secure Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### QLogic Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### QNAP Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Quadros Systems Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Quagga Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Qualcomm Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Quantenna Communications Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Riverbed Technologies Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Roku Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Ruckus Wireless Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Ruijie Networks Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Samsung Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Samsung Mobile Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Samsung Semiconductor Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Schneider Electric Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Secure64 Software Corporation Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### SEIKO EPSON Corp. / Epson America Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Sierra Wireless Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Slackware Linux Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### SMC Networks Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### SmoothWall Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Snort Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### SonicWall Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Sonos Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Sony Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Sophos Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Sourcefire Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Symantec Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Synology Unknown

Notified: 2022-03-21 Updated: 2022-11-16

**Statement Date: April 28, 2022**

#### Vendor Statement

We have not received a statement from the vendor.

### systemd Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### TCPWave Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### TDS Telecom Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Technicolor Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Tenable Network Security Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### TippingPoint Technologies Inc. Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Tizen Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### TP-LINK Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### TrueOS Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Turbolinux Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Ubiquiti Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Ubuntu Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Unisys Corporation Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Univention Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Untangle Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### VMware Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Vultures List Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Western Digital Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Wind River Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### WizNET Technology Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### wolfSSL Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Xiaomi Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### XigmaNAS Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Xilinx Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Zebra Technologies Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Zephyr Project Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### ZTE Corporation Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Zyxel Unknown

#### Vendor Statement

We have not received a statement from the vendor.

View all 244 vendors __View less vendors __

### References

*
*

### Other Information

References

Back to Main

Subscribe for the latest news: