CVE-2026-44066
Heap Out-of-Bounds Read in Netatalk
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: securin
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netatalk | netatalk | From 3.1.0 (inc) to 4.4.2 (inc) |
| netatalk | netatalk | 4.4.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Netatalk versions 3.1.0 through 4.4.2 and involves heap out-of-bounds reads during spotlight RPC unmarshalling. This means that when processing certain remote procedure calls related to spotlight functionality, the software reads memory outside the allocated heap buffer, which can lead to unexpected behavior or crashes. The issue was fixed in version 4.4.3.
How can this vulnerability impact me? :
The vulnerability has a CVSS v3.1 base score of 7.1, indicating a high severity. It can be exploited remotely with low attack complexity and requires low privileges but no user interaction. The impact includes high confidentiality impact, no integrity impact, and low availability impact. This means an attacker could potentially read sensitive information from memory, but cannot modify data or significantly disrupt service.