CVE-2026-44069
Integer Underflow in Netatalk
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: securin
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netatalk | netatalk | From 3.0.0 (inc) to 4.4.2 (inc) |
| netatalk | netatalk | 4.5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer underflow issue found in Netatalk versions 3.0.0 through 4.4.2, specifically in the volxlate component. An integer underflow occurs when an arithmetic operation attempts to create a numeric value that is lower than the minimum representable value, potentially causing unexpected behavior or errors in the software.
The issue was fixed in version 4.5.0 of Netatalk.
How can this vulnerability impact me?
The vulnerability has a CVSS v3.1 base score of 3.9, indicating a low severity impact. It requires local access (AV:L), high attack complexity (AC:H), and high privileges (PR:H) to exploit, with no user interaction needed (UI:N).
If exploited, the impact on confidentiality, integrity, and availability is rated low for each. This means it might cause limited unauthorized information disclosure, modification, or disruption of service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Netatalk to version 4.5.0 or later, where the integer underflow issue in volxlate has been fixed.