CVE-2026-7835
Format String Vulnerability in Netatalk
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: securin
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netatalk | netatalk | From 3.0.3 (inc) to 4.4.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-134 | The product uses a function that accepts a format string as an argument, but the format string originates from an external source. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Netatalk versions 3.0.3 through 4.4.2 and is related to a format string argument mismatch. It was fixed in version 4.5.0.
How can this vulnerability impact me?
The vulnerability has a CVSS v3.1 base score of 3.1, indicating a low severity. It requires network access with high attack complexity and low privileges, but no user interaction. The impact is limited to availability, meaning it could potentially cause a denial of service or crash, but does not affect confidentiality or integrity.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in Netatalk versions 3.0.3 through 4.4.2 is fixed in version 4.5.0.
To mitigate this vulnerability, you should upgrade Netatalk to version 4.5.0 or later.