CVE-2026-44065
Off-by-Two Error in Netatalk papd lp_write()
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: securin
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netatalk | netatalk | From 2.0.0 (inc) to 4.4.2 (inc) |
| netatalk | netatalk | 4.5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-193 | A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an off-by-two error in the papd lp_write() function in Netatalk versions 2.0.0 through 4.4.2. An off-by-two error typically means that the program incorrectly handles data by miscalculating an offset or length by two units, which can lead to unexpected behavior or memory corruption.
The issue was fixed in Netatalk version 4.5.0.
How can this vulnerability impact me?
The vulnerability has a CVSS v3.1 base score of 4.2, indicating a low to medium severity. It requires adjacent network access (AV:A), high attack complexity (AC:H), no privileges required (PR:N), and no user interaction (UI:N). The scope is unchanged (S:U), with no confidentiality impact (C:N), low integrity impact (I:L), and low availability impact (A:L).
This means an attacker with adjacent network access could exploit this vulnerability to cause limited integrity and availability issues, such as corrupting data or causing partial service disruption.