Skip to main content

Netatalk CVE-2026-44048

| EUVDEUVD-2026-31225 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-21 securin GHSA-4v4g-7cw5-m7vc
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 08:00 vuln.today

DescriptionCVE.org

In Netatalk 2.0.4 through 4.4.2, stack buffer overflow via ucs-2 type confusion in convert_charset(). Fixed in 4.4.3.

AnalysisAI

Stack-based buffer overflow in Netatalk versions 2.0.4 through 4.4.2 allows authenticated remote attackers to corrupt memory via UCS-2 type confusion in the convert_charset() function, leading to high-impact compromise of confidentiality, integrity, and availability. The flaw affects Netatalk, the open-source AppleTalk/AFP file server commonly used to share files with macOS clients, and is fixed in version 4.4.3. No public exploit identified at time of analysis, though the high CVSS of 8.8 and low attack complexity warrant prompt patching.

Technical ContextAI

Netatalk is an open-source implementation of the Apple Filing Protocol (AFP) suite, widely deployed on Linux/BSD NAS appliances and servers to provide native file sharing for macOS clients. The vulnerable convert_charset() routine performs character-set translation between AFP wire encodings and host encodings; a type confusion involving the UCS-2 (2-byte Unicode) code path miscalculates byte lengths versus character counts and writes attacker-influenced data past a fixed-size stack buffer. This is a classic CWE-121 stack-based buffer overflow, which on systems without robust stack canaries, ASLR, or non-executable stacks can yield reliable control-flow hijacking; even with modern mitigations it commonly produces a denial of service or memory-disclosure primitive. The CPE cpe:2.3:a:netatalk:netatalk:*:*:* confirms the upstream Netatalk package as the affected component rather than any single downstream distribution.

RemediationAI

Upgrade to the vendor-released patch Netatalk 4.4.3, which contains the fix for the convert_charset() UCS-2 type confusion, per the advisory at https://netatalk.io/security/CVE-2026-44048; downstream distribution and NAS users should apply backported packages from their vendor as soon as those land. Where immediate upgrade is not feasible, restrict AFP (TCP 548) at the network layer to trusted management VLANs and disable guest/anonymous AFP logins to ensure only known accounts can reach the vulnerable code path, accepting the trade-off that legitimate guest workflows and remote macOS clients will break. As a stronger compensating control, disable the afpd service entirely and migrate macOS clients to SMB on the same host, which removes exposure at the cost of losing Time Machine and Apple-native metadata handling that AFP preserves.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Server 12 SP5 Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security Fixed
SUSE Linux Enterprise Server for SAP Applications 12 SP5 Fixed
SUSE Linux Enterprise Desktop 12 Fixed

Share

CVE-2026-44048 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy