Skip to main content

Netatalk papd EUVDEUVD-2026-31213

| CVE-2026-44065 MEDIUM
Off-by-one Error (CWE-193)
2026-05-21 securin GHSA-p64q-3rgx-wmvr
4.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.2 MEDIUM
AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Severity Changed
May 21, 2026 - 08:22 NVD
LOW MEDIUM
CVSS changed
May 21, 2026 - 08:22 NVD
3.7 (LOW) 4.2 (MEDIUM)
Analysis Generated
May 21, 2026 - 08:06 vuln.today

DescriptionCVE.org

In Netatalk 2.0.0 through 4.4.2, off-by-two in papd lp_write(). Fixed in 4.5.0.

AnalysisAI

Off-by-two memory corruption in Netatalk's papd daemon affects all versions from 2.0.0 through 4.4.2, fixed in 4.5.0. The flaw resides in the lp_write() function of the Printer Access Protocol daemon, where an off-by-two boundary error can produce minor integrity and availability impact when triggered by an adjacent-network attacker. With a CVSS score of 3.7 and no public exploit or CISA KEV listing identified at time of analysis, this is a low-severity issue requiring both local network adjacency and high attack complexity, significantly limiting real-world exploitability.

Technical ContextAI

Netatalk is an open-source Unix/Linux implementation of the Apple Filing Protocol (AFP) and AppleTalk protocol suite, enabling macOS and classic Mac OS clients to connect to Unix servers for file and print sharing. The affected component is papd - the Printer Access Protocol (PAP) daemon - which handles print job data sent over AppleTalk or AFP-compatible networks. The vulnerability is classified as CWE-193 (Off-by-One Error); however, the CVE description explicitly states 'off-by-two,' indicating a two-element boundary miscalculation in the lp_write() function. This type of error typically results from an incorrect loop bound or buffer size calculation, allowing writes slightly beyond an intended buffer boundary. The affected CPE is cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* covering versions 2.0.0 through 4.4.2. The CWE-193 classification and 'off-by-two' description present a minor discrepancy - the root cause class is a buffer boundary miscalculation, but whether it is precisely one or two positions off should be verified against the vendor's patch diff.

RemediationAI

Vendor-released patch: Netatalk 4.5.0, which resolves the off-by-two error in papd's lp_write() function. Administrators should upgrade to 4.5.0 or later as the primary remediation; the vendor advisory is at https://netatalk.io/security/CVE-2026-44065. For deployments where an immediate upgrade is not feasible, a targeted compensating control is to disable the papd service entirely if printer sharing over AppleTalk/PAP is not required - this eliminates the attack surface with no functional impact on AFP file-sharing services. Additionally, because the attack vector is adjacent-network (AV:A), network segmentation that prevents untrusted hosts on the same LAN segment from reaching the papd port provides meaningful risk reduction. Firewall rules restricting access to AppleTalk/PAP ports (typically TCP 548 or the relevant papd listener) to known, authorized print clients are a practical second-layer control. Note that disabling papd affects only legacy Mac print-sharing functionality and has no impact on AFP file services.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Server 12 SP5 Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security Fixed
SUSE Linux Enterprise Server for SAP Applications 12 SP5 Fixed
SUSE Linux Enterprise Desktop 12 Fixed

Share

EUVD-2026-31213 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy