Heap-based buffer overflow vulnerability in Netatalk 3.2.0
CVE-2024-38439

9.8CRITICAL

Key Information:

Vendor: Netatalk
Status: Netatalk
Vendor: CVE Published:; 16 June 2024

What is CVE-2024-38439?

The vulnerability exists in the Netatalk software where an off-by-one error in the FPLoginExt function can lead to a heap-based buffer overflow. This is caused by incorrectly setting ibuf[PASSWDLEN] to '\0' within the file located at etc/uams/uams_pam.c. As a result, this flaw can compromise the integrity of the application and allow an attacker to exploit the system. Versions prior to 3.2.1, and specifically 2.4.1 and 3.1.19, have been identified as vulnerable and should be updated to secure versions to mitigate this risk.

References

https://github.com/Netatalk/netatalk/issues/1096

https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d61...

https://github.com/Netatalk/netatalk/security/advisories/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2024
Vulnerability Reserved
Jun 16, 2024

CVE-2024-38439 Data

JSON