CVE-2024-38439 - OpenCVE

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netatalk	Netatalk

Configuration 1 [-]

OR	cpe:2.3:a:netatalk:netatalk::::::::
	cpe:2.3:a:netatalk:netatalk::::::::
	cpe:2.3:a:netatalk:netatalk:3.2.0:::::::*

No data.

References

Link	Providers
https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316
https://github.com/Netatalk/netatalk/issues/1096
https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc
https://netatalk.io/security/CVE-2024-38439

History

Wed, 07 Aug 2024 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netatalk Netatalk netatalk
Weaknesses		CWE-787
CPEs		cpe:2.3:a:netatalk:netatalk:::::::: cpe:2.3:a:netatalk:netatalk:3.2.0:::::::*
Vendors & Products		Netatalk Netatalk netatalk
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-06-16T00:00:00

Updated: 2024-08-22T16:49:30.004Z

Reserved: 2024-06-16T00:00:00

Link: CVE-2024-38439

Vulnrichment

Updated: 2024-08-02T04:12:24.572Z

NVD

Status : Modified

Published: 2024-06-16T13:15:53.030

Modified: 2024-08-22T17:35:02.870

Link: CVE-2024-38439

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-38439", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-22T16:49:30.004Z", "dateReserved": "2024-06-16T00:00:00", "datePublished": "2024-06-16T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-30T11:37:15.807115"}, "descriptions": [{"lang": "en", "value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Netatalk/netatalk/issues/1096"}, {"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316"}, {"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc"}, {"url": "https://netatalk.io/security/CVE-2024-38439"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:24.572Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/Netatalk/netatalk/issues/1096", "tags": ["x_transferred"]}, {"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316", "tags": ["x_transferred"]}, {"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc", "tags": ["x_transferred"]}, {"url": "https://netatalk.io/security/CVE-2024-38439", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "affected": [{"vendor": "netatalk", "product": "netatalk", "cpes": ["cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.0.0", "status": "affected", "lessThan": "2.4.1", "versionType": "custom"}, {"version": "3.0.0", "status": "affected", "lessThan": "3.1.19", "versionType": "custom"}, {"version": "3.2.0", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-22T16:46:15.915682Z", "id": "CVE-2024-38439", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T16:49:30.004Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/Netatalk/netatalk/issues/1096", "tags": ["x_transferred"]}, {"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316", "tags": ["x_transferred"]}, {"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc", "tags": ["x_transferred"]}, {"url": "https://netatalk.io/security/CVE-2024-38439", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:24.572Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-38439", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-22T16:46:15.915682Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"], "vendor": "netatalk", "product": "netatalk", "versions": [{"status": "affected", "version": "2.0.0", "lessThan": "2.4.1", "versionType": "custom"}, {"status": "affected", "version": "3.0.0", "lessThan": "3.1.19", "versionType": "custom"}, {"status": "affected", "version": "3.2.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T16:47:03.452Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/Netatalk/netatalk/issues/1096"}, {"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316"}, {"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc"}, {"url": "https://netatalk.io/security/CVE-2024-38439"}], "descriptions": [{"lang": "en", "value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-30T11:37:15.807115"}}}, "cveMetadata": {"cveId": "CVE-2024-38439", "state": "PUBLISHED", "dateUpdated": "2024-08-22T16:49:30.004Z", "dateReserved": "2024-06-16T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-06-16T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3F4245E-9F2F-485B-BF45-D12C4880C133", "versionEndExcluding": "2.4.1", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*", "matchCriteriaId": "90E0D788-492A-4368-BB70-288288E9048F", "versionEndExcluding": "3.1.19", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netatalk:netatalk:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "252F610A-8297-4142-BD3C-45BEF57E33AB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions."}, {"lang": "es", "value": "Netatalk 3.2.0 tiene un error de uno en uno y el resultado es un desbordamiento del b\u00fafer basado en el mont\u00f3n debido a la configuraci\u00f3n de ibuf[PASSWDLEN] en '\\0' en FPLoginExt al iniciar sesi\u00f3n en etc/uams/uams_pam.c."}], "id": "CVE-2024-38439", "lastModified": "2024-08-22T17:35:02.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-16T13:15:53.030", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Not Applicable"], "url": "https://github.com/Netatalk/netatalk/issues/1096"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://netatalk.io/security/CVE-2024-38439"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}