CVE-2026-44049
Out-of-Bounds Write in Netatalk
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: securin
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netatalk | netatalk | From 2.0.4 (inc) to 4.4.2 (inc) |
| netatalk | netatalk | 4.4.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Netatalk versions 2.0.4 through 4.4.2. It is an out-of-bounds write in the convert_charset() function, related to null termination: the software writes data outside the intended memory boundaries, which can lead to unexpected behavior or security issues. The vulnerability was fixed in version 4.4.3.
How can this vulnerability impact me?
Exploitation of this vulnerability can have a high impact on confidentiality, integrity, and availability, as reflected in the CVSS score of 7.5. An attacker could potentially cause the application to behave unpredictably, corrupt data, or execute arbitrary code, leading to significant security risks.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in Netatalk affects versions 2.0.4 through 4.4.2 and is fixed in version 4.4.3.
To mitigate this vulnerability, you should upgrade Netatalk to version 4.4.3 or later.