Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
Lifecycle Timeline
2DescriptionCVE.org
In Netatalk 1.3 through 4.2.2, stack buffer overflow in desktop.c. Fixed in 4.5.0.
AnalysisAI
Stack buffer overflow in Netatalk's desktop.c affects all versions from 1.3 through 4.2.2, allowing a network-reachable low-privilege authenticated attacker to crash the AFP service or potentially execute arbitrary code on the server. The vulnerability is rooted in improper bounds checking within AFP desktop database handling code and carries a CVSS score of 6.0 (Medium) with high availability impact as the most reliably achievable outcome. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the required high attack complexity materially limits real-world exploitation risk.
Technical ContextAI
Netatalk is an open-source implementation of the Apple Filing Protocol (AFP), used to provide macOS-compatible file sharing from Linux and Unix servers. The vulnerable component, desktop.c, handles AFP desktop database operations - a legacy feature that allows AFP clients to store metadata such as file icons and comments server-side. CWE-121 (Stack-based Buffer Overflow) identifies the root cause: data written to a stack-allocated buffer exceeds its bounds, potentially corrupting adjacent stack memory including return addresses or local variables, enabling denial of service or code execution. The CPE string cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* covers all platform variants of Netatalk across the affected version range. The CVSS vector (AV:N/AC:H/PR:L) is consistent with the AFP service being exposed over the network but requiring an established, authenticated AFP session to reach the desktop.c code path.
RemediationAI
Upgrade to Netatalk 4.5.0 or later - this is the vendor-released patch confirmed by the CVE description and the advisory at https://netatalk.io/security/CVE-2026-44056. Consult that advisory for release notes, as intermediate versions 4.3.x and 4.4.x are not confirmed as fixed. If immediate patching is not feasible, restrict AFP service access (TCP port 548) to trusted network segments or specific authorized hosts using firewall rules; this reduces exposure without disabling AFP entirely but does not eliminate the vulnerability for authenticated internal users. As a more aggressive workaround, disable AFP desktop database functionality if the feature is not operationally required, since the overflow resides in desktop.c - note this may break legacy macOS AFP metadata features for connected clients. Disabling the AFP service entirely eliminates exposure but prevents all macOS file sharing via AFP.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31235
GHSA-rcqv-jpc6-vw57