CVE-2026-44070
Unbounded Realloc in Netatalk Charset Conversion
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: securin
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netatalk | netatalk | From 2.0.0 (inc) to 4.4.2 (inc) |
| netatalk | netatalk | 4.5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Netatalk versions 2.0.0 through 4.4.2 and involves an unbounded realloc operation during charset conversion. This means that the program attempts to reallocate memory without properly limiting the size, which can lead to memory issues. The vulnerability was fixed in version 4.5.0.
How can this vulnerability impact me?
The vulnerability has a CVSS v3.1 base score of 3.1, indicating a low severity impact. It requires network access with high attack complexity and low privileges, with no user interaction needed. The impact is limited to availability, meaning it could cause a denial of service or crash, but does not affect confidentiality or integrity.