Description
An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.
Published: 2026-05-21
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerable implementation of the dsi_writeinit() function in Netatalk allows an integer underflow when processing specific input, which can cause the service to crash or become unresponsive. The flaw is an example of an arithmetic underflow (CWE‑191). When exploited, the affected Netatalk instance can be brought down, preventing legitimate clients from accessing file sharing capabilities and potentially impacting availability of any applications that rely on the service. This vulnerability does not grant an attacker additional privileges or compromise can be used to execute a denial‑of‑service attack against the target system. Updated description details are currently unavailable.

Affected Systems

Netatalk versions 1.5.0 through 4.4.2 are affected. The problem has been fixed in version 4.4.3 and later. Systems running the listed versions should be upgraded promptly to avoid the denial‑of‑service risk.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity for a denial of service flaw. No EPSS score is available, and the issue is not currently listed in CISA KEV, suggesting it may not yet be widely exploited. The likely attack vector is remote, as Netatalk exposes network services that can be reached from client machines. An attacker who can send crafted input to the vulnerable function could trigger repeated crashes, exhausting system resources and causing availability loss.

Generated by OpenCVE AI on May 21, 2026 at 10:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Netatalk to version 4.4.3 or later.
  • Restart the Netatalk service to apply the new version.
  • Monitor inbound traffic for attempts to trigger the denial of service and apply network filtering or access controls as a temporary safeguard.

Generated by OpenCVE AI on May 21, 2026 at 10:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-62801 netatalk security update
History

Thu, 21 May 2026 09:00:00 +0000

Type Values Removed Values Added
Description In Netatalk 1.5.0 through 4.4.2, integer underflow in dsi_writeinit() leads to denial of service. Fixed in 4.4.3. An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.

Thu, 21 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Netatalk
Netatalk netatalk
Vendors & Products Netatalk
Netatalk netatalk

Thu, 21 May 2026 07:45:00 +0000

Type Values Removed Values Added
Description In Netatalk 1.5.0 through 4.4.2, integer underflow in dsi_writeinit() leads to denial of service. Fixed in 4.4.3.
Title Integer underflow in dsi_writeinit() leads to denial of service
Weaknesses CWE-191
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Netatalk Netatalk
cve-icon MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-21T07:52:30.494Z

Reserved: 2026-05-05T07:25:12.313Z

Link: CVE-2026-44060

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-21T08:16:21.577

Modified: 2026-05-21T09:16:28.243

Link: CVE-2026-44060

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T10:45:08Z

Weaknesses