Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
In Netatalk 2.0.4 through 4.4.2, stack buffer overflow via ucs-2 type confusion in convert_charset(). Fixed in 4.4.3.
AnalysisAI
Stack-based buffer overflow in Netatalk versions 2.0.4 through 4.4.2 allows authenticated remote attackers to corrupt memory via UCS-2 type confusion in the convert_charset() function, leading to high-impact compromise of confidentiality, integrity, and availability. The flaw affects Netatalk, the open-source AppleTalk/AFP file server commonly used to share files with macOS clients, and is fixed in version 4.4.3. No public exploit identified at time of analysis, though the high CVSS of 8.8 and low attack complexity warrant prompt patching.
Technical ContextAI
Netatalk is an open-source implementation of the Apple Filing Protocol (AFP) suite, widely deployed on Linux/BSD NAS appliances and servers to provide native file sharing for macOS clients. The vulnerable convert_charset() routine performs character-set translation between AFP wire encodings and host encodings; a type confusion involving the UCS-2 (2-byte Unicode) code path miscalculates byte lengths versus character counts and writes attacker-influenced data past a fixed-size stack buffer. This is a classic CWE-121 stack-based buffer overflow, which on systems without robust stack canaries, ASLR, or non-executable stacks can yield reliable control-flow hijacking; even with modern mitigations it commonly produces a denial of service or memory-disclosure primitive. The CPE cpe:2.3:a:netatalk:netatalk:*:*:* confirms the upstream Netatalk package as the affected component rather than any single downstream distribution.
RemediationAI
Upgrade to the vendor-released patch Netatalk 4.4.3, which contains the fix for the convert_charset() UCS-2 type confusion, per the advisory at https://netatalk.io/security/CVE-2026-44048; downstream distribution and NAS users should apply backported packages from their vendor as soon as those land. Where immediate upgrade is not feasible, restrict AFP (TCP 548) at the network layer to trusted management VLANs and disable guest/anonymous AFP logins to ensure only known accounts can reach the vulnerable code path, accepting the trade-off that legitimate guest workflows and remote macOS clients will break. As a stronger compensating control, disable the afpd service entirely and migrate macOS clients to SMB on the same host, which removes exposure at the cost of losing Time Machine and Apple-native metadata handling that AFP preserves.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31225
GHSA-4v4g-7cw5-m7vc