Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
In Netatalk 2.0.4 through 4.4.2, missing o_len bounds check in pull_charset_flags(). Fixed in 4.4.3.
AnalysisAI
Out-of-bounds write in Netatalk versions 2.0.4 through 4.4.2 stems from a missing o_len bounds check in the pull_charset_flags() character-set conversion routine, enabling remote attackers with low privileges to corrupt memory and potentially compromise confidentiality, integrity, and availability of the AFP file server. The flaw is addressed in Netatalk 4.4.3, and no public exploit has been identified at time of analysis.
Technical ContextAI
Netatalk is an open-source implementation of the Apple Filing Protocol (AFP) suite, widely deployed on Linux/BSD systems (including NAS appliances) to provide file and print services to macOS clients. The vulnerable function pull_charset_flags() is part of Netatalk's Unicode/charset conversion layer, which translates between AFP's UTF-16 representations and host-side encodings; the missing o_len (output length) bounds check is a classic CWE-787 out-of-bounds write, where the routine writes converted bytes into a destination buffer without verifying remaining capacity. CPE data confirms the affected product as cpe:2.3:a:netatalk:netatalk across all versions in the 2.0.4-4.4.2 range, indicating a long-lived defect spanning multiple major releases of the codebase.
RemediationAI
Upgrade to Netatalk 4.4.3 or later, which contains the vendor-released patch adding the missing o_len bounds check in pull_charset_flags(); details are published at https://netatalk.io/security/CVE-2026-44062. For appliances or distributions where 4.4.3 is not yet packaged, compensating controls include disabling the afpd service entirely where AFP is no longer required (Apple has moved macOS clients to SMB by default since macOS 10.9), restricting AFP TCP port 548 to trusted management VLANs at the firewall, and tightening authentication by disabling guest/anonymous AFP access in afp.conf so that the PR:L precondition cannot be satisfied by unauthenticated attackers; the trade-off is loss of file-sharing functionality for legitimate macOS clients still relying on AFP.
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31239
GHSA-3q98-qc2j-57pp