Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 11 | all | netatalk | <= 3.1.12~ds-8+deb11u1 | netatalk_3.1.12~ds-8+deb11u1_all.deb |
Debian | 10 | all | netatalk | <= 3.1.12~ds-3 | netatalk_3.1.12~ds-3_all.deb |
Debian | 999 | all | netatalk | <= 3.1.18~ds-1 | netatalk_3.1.18~ds-1_all.deb |
Debian | 13 | all | netatalk | <= 3.1.18~ds-1 | netatalk_3.1.18~ds-1_all.deb |
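
The off-by-one in the description above, modelled as an added example (this is not Netatalk's source code): when only PASSWDLEN bytes are available at `ibuf`, writing the terminator at index PASSWDLEN touches the byte after them. The function names, the `GUARD` value and `PASSWDLEN` being 8 are assumptions of this model, and the write is made inside a deliberately oversized allocation so the effect can be observed without corrupting memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PASSWDLEN 8    /* assumed field width for this model */
#define GUARD     0xA5 /* fill value for bytes outside the logical buffer */

/* Pattern named in the advisory: fixed-index terminator, length ignored. */
static void terminate_unchecked(char *ibuf, size_t ibuflen)
{
    (void)ibuflen;
    ibuf[PASSWDLEN] = '\0';
}

/* Hardened variant (hypothetical): reject short input and terminate a
 * separate copy that has room for the NUL. */
static int copy_password_checked(const char *ibuf, size_t ibuflen,
                                 char out[PASSWDLEN + 1])
{
    if (ibuflen < PASSWDLEN)
        return -1;
    memcpy(out, ibuf, PASSWDLEN);
    out[PASSWDLEN] = '\0';
    return 0;
}

/* 1 if a byte outside the first ibuflen bytes changed, 0 if not, -1 on OOM. */
int guard_clobbered(size_t ibuflen, int checked)
{
    size_t total = ibuflen + PASSWDLEN + 1, i;
    char out[PASSWDLEN + 1];
    int hit = 0;
    unsigned char *block = malloc(total);
    if (block == NULL)
        return -1;
    memset(block, 'A', ibuflen);                     /* logical request buffer */
    memset(block + ibuflen, GUARD, total - ibuflen); /* guard region after it */
    if (checked)
        (void)copy_password_checked((const char *)block, ibuflen, out);
    else
        terminate_unchecked((char *)block, ibuflen);
    for (i = ibuflen; i < total; i++)
        hit |= (block[i] != GUARD);
    free(block);
    return hit;
}

int main(void)
{
    printf("unchecked=%d checked=%d\n",
           guard_clobbered(PASSWDLEN, 0), guard_clobbered(PASSWDLEN, 1));
    return 0;
}
```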