VYPR

Netatalk

by Netatalk

CVEs (48)

  • CVE-2026-44067 | Med | May 21, 2026
    risk 0.20 | cvss 4.2 | epss 0.00

    A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data.

  • CVE-2026-44065 | Med | May 21, 2026
    risk 0.20 | cvss 4.2 | epss 0.00

    An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data.

  • CVE-2026-44063 | Med | May 21, 2026
    risk 0.20 | cvss 4.2 | epss 0.00

    An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input.

  • CVE-2026-44069 | Low | May 21, 2026
    risk 0.18 | cvss 3.9 | epss 0.00

    An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input.

  • CVE-2026-7837 | Low | May 21, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions.

  • CVE-2026-44075 | Low | May 21, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service…

  • CVE-2026-44074 | Low | May 21, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect…

  • CVE-2026-44071 | Low | May 21, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught and safely terminated by…

  • CVE-2026-44057 | Low | May 21, 2026
    risk 0.13 | cvss 3.1 | epss 0.00

    A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC…

  • CVE-2026-7836 | Low | May 21, 2026
    risk 0.13 | cvss 3.1 | epss 0.00

    An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input.

  • CVE-2026-7835 | Low | May 21, 2026
    risk 0.13 | cvss 3.1 | epss 0.00

    A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing.

  • CVE-2026-44072 | Low | May 21, 2026
    risk 0.13 | cvss 3.0 | epss 0.00

    Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions.

  • CVE-2026-44070 | Low | May 21, 2026
    risk 0.13 | cvss 3.1 | epss 0.00

    An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests.

  • CVE-2018-1160 | Dec 20, 2018
    risk 0.10 | cvss | epss 0.87

    Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

  • CVE-2022-23125 | Mar 28, 2023
    risk 0.03 | cvss | epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not…

  • CVE-2022-43634 | Mar 29, 2023
    risk 0.02 | cvss | epss 0.19

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper…

  • CVE-2023-42464 | Sep 20, 2023
    risk 0.01 | cvss | epss 0.02

    A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the…

  • CVE-2022-23122 | Mar 28, 2023
    risk 0.01 | cvss | epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper…

  • CVE-2022-23121 | Mar 28, 2023
    risk 0.01 | cvss | epss 0.09

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error…

  • CVE-2022-23123 | Mar 28, 2023
    risk 0.01 | cvss | epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper…