CVE-2026-44067
Heap Over-read in Netatalk File Sharing Service
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: securin
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netatalk | netatalk | From 2.1.0 (inc) to 4.4.2 (inc) |
| netatalk | netatalk | 4.5.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap over-read issue in the ea header parsing component of Netatalk versions 2.1.0 through 4.4.2. A heap over-read occurs when a program reads more data than it should from a heap-allocated memory area, potentially leading to information disclosure or program instability. This specific issue was fixed in version 4.5.0 of Netatalk.
How can this vulnerability impact me? :
The vulnerability has a CVSS base score of 4.2, indicating a low to medium severity. It can be exploited remotely (AV:N) but requires high attack complexity (AC:H) and low privileges (PR:L). There is no user interaction needed (UI:N). The impact is limited to low confidentiality loss (C:L) and low availability loss (A:L), with no impact on integrity (I:N). Therefore, an attacker could potentially read some sensitive information from memory and cause minor availability issues, but cannot modify data or fully disrupt the system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Netatalk to version 4.5.0 or later, as the issue is fixed starting from that version.