Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
In Netatalk 2.1.0 through 4.4.2, ea header parsing heap over-read. Fixed in 4.5.0.
AnalysisAI
Heap over-read in Netatalk's extended attribute (EA) header parser affects all releases from 2.1.0 through 4.4.2, allowing authenticated remote attackers to read beyond allocated heap boundaries under high-complexity conditions. The impact is limited to partial memory disclosure (C:L) and minor availability degradation (A:L) with no integrity impact, consistent with a read-only out-of-bounds primitive. No public exploit code exists and no active exploitation has been identified; vendor-released fix 4.5.0 is available.
Technical ContextAI
Netatalk is an open-source implementation of the Apple Filing Protocol (AFP), enabling Unix-like systems to serve files to macOS clients. Its extended attribute (EA) handling carries HFS+/AFP metadata such as resource forks and Finder info. CWE-125 (Out-of-bounds Read) identifies the root cause: the EA header parser reads past the end of an allocated heap buffer, exposing adjacent heap memory. Despite the 'Buffer Overflow' tag applied by the reporting source (Securin), the CWE and description confirm this is a read-only over-read - no write primitive is indicated, which substantially constrains exploitability. The affected CPE is cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* covering the entire 2.1.0-4.4.2 release series across all platforms.
RemediationAI
Upgrade Netatalk to version 4.5.0, the vendor-released patch that resolves the EA header heap over-read; this is confirmed by both the CVE description and the vendor advisory at https://netatalk.io/security/CVE-2026-44067. If an immediate upgrade is not operationally feasible, apply the following specific compensating controls with noted trade-offs: restrict access to AFP port 548 via host-based or network firewall rules to limit exposure to trusted networks only (trade-off: disrupts legitimate remote AFP clients outside the allowed range); enforce strong authentication and limit AFP user accounts to the minimum required set, reducing the pool of potential authenticated attackers (trade-off: administrative overhead); and consider disabling extended attribute support in Netatalk configuration if EA functionality is not operationally required (trade-off: may break resource fork or Finder metadata handling for macOS clients). None of these compensating controls eliminate the vulnerability - they reduce attack surface while a patch cycle is completed.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31214
GHSA-cwgp-4xrf-xr6q