CVE-2026-44060
Integer Underflow in Netatalk Denial of Service
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: securin
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netatalk | netatalk | From 1.5.0 (inc) to 4.4.2 (inc) |
| netatalk | netatalk | 4.4.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Netatalk versions 1.5.0 through 4.4.2 and is caused by an integer underflow in the function dsi_writeinit().
An integer underflow occurs when an arithmetic operation attempts to create a numeric value that is lower than the minimum representable value, which can lead to unexpected behavior.
In this case, the underflow leads to a denial of service condition, meaning the affected software can crash or become unavailable.
This issue was fixed in Netatalk version 4.4.3.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service (DoS).
An attacker could exploit the integer underflow in dsi_writeinit() to cause the Netatalk service to crash or become unavailable.
This could disrupt access to file sharing services provided by Netatalk, affecting availability.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in Netatalk versions 1.5.0 through 4.4.2 is fixed in version 4.4.3.
To mitigate this vulnerability, you should upgrade Netatalk to version 4.4.3 or later.