CVE-2024-38441Off-by-one Error in Netatalk

CWE-193Off-by-one ErrorCWE-120Classic Buffer Overflow6 documents5 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 25.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
NetatalkDebian Netatalk
Timeline
PublishedJun 16
Latest updateMar 12

Description

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

debiandebian/netatalk< netatalk 3.1.12~ds-8+deb11u2 (bullseye)
NVDnetatalk/netatalk2.0.02.4.1+2
Debiannetatalk/netatalk< 3.1.12~ds-8+deb11u2+2
Ubuntunetatalk/netatalk< 3.1.12~ds-4ubuntu0.20.04.4+5

🔴Vulnerability Details

3
OSV
netatalk vulnerabilities2025-03-12
GHSA
GHSA-j764-4v6h-pqp7: Netatalk 32024-06-16
OSV
CVE-2024-38441: Netatalk before 32024-06-16

📋Vendor Advisories

2
Ubuntu
Netatalk vulnerabilities2025-03-12
Debian
CVE-2024-38441: netatalk - Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer ov...2024