12 matches found
CVE-2024-38439
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibufPASSWDLEN to '\0' in FPLoginExt in login in etc/uams/uamspam.c. 2.4.1 and 3.1.19 are also fixed versions...
CVE-2024-38441
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuflen to '\0' in FPMapName in afpmapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions...
CVE-2024-38440
Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BNbin2bn in etc/uams/uamsdhxpam.c. The original issue 1097 report stated: 'The latest version of Netatalk v3.2.0 contains a security...
CVE-2024-38439
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibufPASSWDLEN to '\0' in FPLoginExt in login in etc/uams/uamspam.c. 2.4.1 and 3.1.19 are also fixed versions...
CVE-2024-38439
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibufPASSWDLEN to '\0' in FPLoginExt in login in etc/uams/uamspam.c. 2.4.1 and 3.1.19 are also fixed versions...
CVE-2024-38441
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuflen to '\0' in FPMapName in afpmapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions...
CVE-2024-38441
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuflen to '\0' in FPMapName in afpmapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions...
CVE-2024-38439
Netatalk before 3.2.1 has multiple heap-based buffer overflow off-by-one defects. CVE-2024-38439 (ibuf[PASSWDLEN] = '\0' in FPLoginExt), CVE-2024-38440 (BN_bin2bn in FPLoginExt), and CVE-2024-38441 (ibuf[len] = '\0' in FPMapName) originate in etc/uams/uams_pam.c and etc/afp/directory.c. The issue...
CVE-2024-38440
Netatalk (AFP server) prior to 3.2.1 is affected by off-by-one errors that trigger heap-based buffer overflow/segmentation faults. The issue stems from FPLoginExt usage of BN_bin2bn in /etc/uams/uams_dhx_pam.c (and related FPMapName in afp_mapname/directory.c), enabling out-of-bounds writes and p...
CVE-2024-38441
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuflen to '\0' in FPMapName in afpmapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions...
CVE-2024-38439
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibufPASSWDLEN to '\0' in FPLoginExt in login in etc/uams/uamspam.c. 2.4.1 and 3.1.19 are also fixed versions...
CVE-2024-38440
Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BNbin2bn in etc/uams/uamsdhxpam.c. The original issue 1097 report stated: 'The latest version of Netatalk v3.2.0 contains a security...