CVE-2026-44071
Netatalk Buffer Overflow Protection Bypass via Missing FORTIFY_SOURCE
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: securin
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netatalk | netatalk | From 3.1.2 (inc) to 4.4.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Netatalk versions 3.1.2 through 4.4.2 because the software is compiled without the FORTIFY_SOURCE feature enabled. FORTIFY_SOURCE is a security mechanism that provides built-in detection of buffer overflow errors at runtime. Without it, certain memory errors that would normally be caught and safely handled can go undetected.
As a result, a remote attacker could exploit this lack of protection to cause a minor denial of service by triggering memory errors that crash or disrupt the application.
How can this vulnerability impact me?
The primary impact of this vulnerability is a minor denial of service (DoS). An attacker can remotely cause the Netatalk service to crash or become unavailable by exploiting memory errors that are not detected due to the missing FORTIFY_SOURCE protection.
This could lead to temporary disruption of services relying on Netatalk, affecting availability but not confidentiality or integrity.
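A defender-side check for the condition described above, as an added example that is not part of the original page or of Netatalk's code: it reads `nm -D --undefined-only` output and reports whether a binary imports glibc's checked `__*_chk` functions, which is how FORTIFY_SOURCE shows up in a compiled binary. The sample symbol listings are constructed, and the verdict is a heuristic, since a fortified build can still contain plain calls where the compiler cannot determine the destination size.

```python
import subprocess
import sys

# libc calls that glibc can swap for a checked __<name>_chk variant when a
# program is built with _FORTIFY_SOURCE and optimization enabled.
FORTIFIABLE = {"memcpy", "memmove", "memset", "strcpy", "strncpy", "stpcpy",
               "strcat", "strncat", "sprintf", "snprintf", "vsprintf",
               "vsnprintf", "fgets", "read", "recv"}

# Constructed sample input in `nm -D --undefined-only` format.
SAMPLE_FORTIFIED = """\
                 U __memcpy_chk@GLIBC_2.3.4
                 U __snprintf_chk@GLIBC_2.3.4
                 U memcpy@GLIBC_2.14
"""
SAMPLE_PLAIN = """\
                 U memcpy@GLIBC_2.14
                 U snprintf@GLIBC_2.2.5
                 U strcpy@GLIBC_2.2.5
"""

def imported_symbols(nm_output):
    """Names of undefined (imported) symbols, with @VERSION suffixes removed."""
    names = set()
    for line in nm_output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[-2] in ("U", "w"):
            names.add(fields[-1].split("@")[0])
    return names

def fortify_report(nm_output):
    """Classify imports as checked (_chk) or plain libc calls; heuristic only."""
    syms = imported_symbols(nm_output)
    fortified = sorted(s[2:-4] for s in syms
                       if s.startswith("__") and s.endswith("_chk")
                       and s[2:-4] in FORTIFIABLE)
    plain = sorted(s for s in syms if s in FORTIFIABLE)
    if fortified:
        verdict = "fortified"
    elif plain:
        verdict = "no-fortify-evidence"  # confirm against the build flags
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "fortified": fortified, "plain": plain}

if __name__ == "__main__":
    text = (subprocess.run(["nm", "-D", "--undefined-only", sys.argv[1]],
                           capture_output=True, text=True, check=True).stdout
            if len(sys.argv) > 1 else SAMPLE_PLAIN)
    print(fortify_report(text))
```

Run it with the path of the installed binary as the only argument to audit a real build; with no argument it reports on the constructed unfortified sample.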