Netatalk

Netatalk

49 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.32%
  • Veröffentlicht 21.05.2026 07:35:02
  • Zuletzt bearbeitet 21.05.2026 15:20:19

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests.

  • EPSS 0.09%
  • Veröffentlicht 21.05.2026 07:34:59
  • Zuletzt bearbeitet 21.05.2026 15:20:19

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input.

  • EPSS 0.32%
  • Veröffentlicht 21.05.2026 07:34:57
  • Zuletzt bearbeitet 21.05.2026 15:20:19

Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names.

  • EPSS 0.29%
  • Veröffentlicht 21.05.2026 07:34:55
  • Zuletzt bearbeitet 21.05.2026 15:20:19

A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data.

  • EPSS 0.29%
  • Veröffentlicht 21.05.2026 07:34:53
  • Zuletzt bearbeitet 21.05.2026 15:20:19

Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption.

  • EPSS 0.13%
  • Veröffentlicht 21.05.2026 07:34:51
  • Zuletzt bearbeitet 21.05.2026 15:20:19

An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data.

  • EPSS 0.17%
  • Veröffentlicht 21.05.2026 07:34:49
  • Zuletzt bearbeitet 21.05.2026 15:20:19

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request.

  • EPSS 0.21%
  • Veröffentlicht 21.05.2026 07:34:47
  • Zuletzt bearbeitet 21.05.2026 15:20:19

An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input.

  • EPSS 0.36%
  • Veröffentlicht 21.05.2026 07:34:44
  • Zuletzt bearbeitet 21.05.2026 15:20:19

A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data.

  • EPSS 0.39%
  • Veröffentlicht 21.05.2026 07:34:42
  • Zuletzt bearbeitet 21.05.2026 15:20:19

Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis.