Monthly
Missing break statement in Netatalk's DSI OpenSession handler allows DSIOPT_ATTNQUANT case to fall through into DSIOPT_SERVQUANT processing, affecting versions 1.5.0 through 4.4.2. An unauthenticated remote attacker can send a crafted DSI session options packet to trigger unintended session option handling, resulting in minor service disruption. No public exploit identified at time of analysis, and the High attack complexity rating (AC:H) constrains real-world exploitation to adversaries capable of precise DSI packet construction.
Missing break statement in Netatalk's DSI OpenSession handler allows DSIOPT_ATTNQUANT case to fall through into DSIOPT_SERVQUANT processing, affecting versions 1.5.0 through 4.4.2. An unauthenticated remote attacker can send a crafted DSI session options packet to trigger unintended session option handling, resulting in minor service disruption. No public exploit identified at time of analysis, and the High attack complexity rating (AC:H) constrains real-world exploitation to adversaries capable of precise DSI packet construction.