CVE-2026-44049
- EPSS 0.52%
- Veröffentlicht 21.05.2026 07:34:19
- Zuletzt bearbeitet 21.05.2026 15:20:19
An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data.
CVE-2026-44048
- EPSS 0.42%
- Veröffentlicht 21.05.2026 07:34:17
- Zuletzt bearbeitet 21.05.2026 15:20:19
A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service.
CVE-2026-44047
- EPSS 0.37%
- Veröffentlicht 21.05.2026 07:33:57
- Zuletzt bearbeitet 21.05.2026 15:20:19
An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service.
CVE-2024-38441
- EPSS 0.92%
- Veröffentlicht 16.06.2024 13:15:53
- Zuletzt bearbeitet 03.11.2025 22:17:01
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.
CVE-2024-38440
- EPSS 0.88%
- Veröffentlicht 16.06.2024 13:15:53
- Zuletzt bearbeitet 03.11.2025 22:17:01
Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest ve...
CVE-2024-38439
- EPSS 0.93%
- Veröffentlicht 16.06.2024 13:15:53
- Zuletzt bearbeitet 03.11.2025 22:17:01
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions.
CVE-2023-42464
- EPSS 1.79%
- Veröffentlicht 20.09.2023 15:15:11
- Zuletzt bearbeitet 21.11.2024 08:22:36
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and ...
CVE-2022-43634
- EPSS 18.9%
- Veröffentlicht 29.03.2023 19:15:20
- Zuletzt bearbeitet 21.11.2024 07:26:56
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results fr...
CVE-2022-23125
- EPSS 4.35%
- Veröffentlicht 28.03.2023 19:15:10
- Zuletzt bearbeitet 04.11.2025 20:16:03
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len ...
CVE-2022-23124
- EPSS 2.84%
- Veröffentlicht 28.03.2023 19:15:10
- Zuletzt bearbeitet 04.11.2025 20:16:03
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue res...