Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
In Netatalk 1.3 through 4.4.2, asp session id out-of-bounds access. Fixed in 4.4.3.
AnalysisAI
Out-of-bounds read in Netatalk versions 1.3 through 4.4.2 allows adjacent network attackers to trigger denial of service and potentially disclose memory contents via malformed ASP (AppleTalk Session Protocol) session IDs. The flaw, classified as CWE-125, was fixed in version 4.4.3, and no public exploit identified at time of analysis. CVSS 7.1 reflects an adjacent-network attack vector with no privileges required and a high availability impact.
Technical ContextAI
Netatalk is an open-source implementation of the Apple Filing Protocol (AFP) suite, providing file and print services to macOS and classic Mac clients on Unix-like systems. The vulnerability resides in the handling of ASP (AppleTalk Session Protocol) session identifiers, where the daemon performs an out-of-bounds memory read (CWE-125) when processing a crafted session ID. The CPE cpe:2.3:a:netatalk:netatalk:* covers all Netatalk builds in the 1.3-4.4.2 lineage, indicating the defect persisted across a long span of releases in the session-management code path.
RemediationAI
Vendor-released patch: Netatalk 4.4.3 - upgrade afpd/atalkd packages to 4.4.3 or later as referenced in the advisory at https://netatalk.io/security/CVE-2026-44064. Where immediate patching is not possible, restrict reachability to the AFP/ASP service (TCP 548 and any legacy AppleTalk transports) using host firewalls or segment ACLs so that only trusted client subnets can reach the daemon, which neutralizes the adjacent-network attack vector at the cost of breaking Mac client connectivity from untrusted segments. On NAS appliances or distributions that have not yet shipped a 4.4.3-based package, disable the Netatalk/AFP service entirely and migrate clients to SMB (macOS has supported SMB as the default for years), accepting the loss of legacy AppleTalk/Time Machine-over-AFP features.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31240
GHSA-4pvp-5874-59c5