Description
A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service.
Published: 2026-05-21
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In Netatalk versions 2.0.4 through 4.4.2, a stack-based buffer overflow is triggered by UCS‑2 type confusion in the convert_charset() function. A remote authenticated attacker can provide crafted UCS‑2 input to overwrite control data on the stack, enabling arbitrary code execution or denial of service. The weakness is a classic stack-based buffer overflow (CWE‑121).

Affected Systems

The vulnerability affects the Netatalk file‑sharing suite. Any installation running Netatalk 2.0.4, 3.0.0, 3.2.x, or any 4.4.x release up to 4.4.2 is impacted. Versions 4.4.3 and later contain the fix.

Risk and Exploitability

The CVSS score of 8.8 reflects a high severity potential for remote exploitation. No EPSS data is available, and the flaw is not listed in CISA KEV. The exploit requires interaction with the vulnerable Netatalk service and the ability to supply UTF‑16 (UCS‑2) data to the convert_charset() routine. Once triggered, the overflow may grant code execution on the host machine. Given the lack of mitigation in unpatched versions, the risk is significant for networks exposing Netatalk services to untrusted hosts.

Generated by OpenCVE AI on May 21, 2026 at 10:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Netatalk to version 4.4.3 or later
  • Restrict Netatalk service to trusted networks or disable it if not required
  • Implement firewall rules to block connections to the Netatalk port from untrusted hosts

Generated by OpenCVE AI on May 21, 2026 at 10:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-62801 netatalk security update
History

Thu, 21 May 2026 09:00:00 +0000

Type Values Removed Values Added
Description In Netatalk 2.0.4 through 4.4.2, stack buffer overflow via ucs-2 type confusion in convert_charset(). Fixed in 4.4.3. A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service.

Thu, 21 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Netatalk
Netatalk netatalk
Vendors & Products Netatalk
Netatalk netatalk

Thu, 21 May 2026 07:45:00 +0000

Type Values Removed Values Added
Description In Netatalk 2.0.4 through 4.4.2, stack buffer overflow via ucs-2 type confusion in convert_charset(). Fixed in 4.4.3.
Title Stack buffer overflow via UCS-2 type confusion in convert_charset()
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Netatalk Netatalk
cve-icon MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-21T07:52:08.316Z

Reserved: 2026-05-05T07:24:42.291Z

Link: CVE-2026-44048

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-21T08:16:20.360

Modified: 2026-05-21T09:16:27.023

Link: CVE-2026-44048

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T10:30:08Z

Weaknesses