CVE-2024-38439

2024-06-1613:15:53

Debian Security Bug Tracker

security-tracker.debian.org

netatalk 3.2.0 buffer overflow unix 38439 cwe-122 fploginext_ibuf_passwdlen

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to ‘\0’ in FPLoginExt in login in etc/uams/uams_pam.c.

OSVersionArchitecturePackageVersionFilename
Debian11allnetatalk<= 3.1.12~ds-8+deb11u1netatalk_3.1.12~ds-8+deb11u1_all.deb
Debian10allnetatalk<= 3.1.12~ds-3netatalk_3.1.12~ds-3_all.deb
Debian999allnetatalk<= 3.1.18~ds-1netatalk_3.1.18~ds-1_all.deb
Debian13allnetatalk<= 3.1.18~ds-1netatalk_3.1.18~ds-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	netatalk	<= 3.1.12~ds-8+deb11u1	netatalk_3.1.12~ds-8+deb11u1_all.deb
Debian	10	all	netatalk	<= 3.1.12~ds-3	netatalk_3.1.12~ds-3_all.deb
Debian	999	all	netatalk	<= 3.1.18~ds-1	netatalk_3.1.18~ds-1_all.deb
Debian	13	all	netatalk	<= 3.1.18~ds-1	netatalk_3.1.18~ds-1_all.deb