Description
A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data.
Published: 2026-05-21
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out-of-bounds write caused by a missing output length bounds check on the 'o_len' parameter in the pull_charset_flags() function of Netatalk versions 2.0.4 through 4.4.2. A remote authenticated attacker can send specially crafted character set data to trigger the flaw, potentially allowing arbitrary code execution or causing a denial of service. This mismatch is classified as CWE-787 and means that successful exploitation could compromise confidentiality, integrity, and availability of the affected system.

Affected Systems

Affected are Netatalk installations from version 2.0.4 through 4.4.2, provided by the Netatalk project. No specific fix version is listed; organizations should reference the vendor to determine the patched release.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity; the EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, so public exploitation is not yet documented. Nevertheless, an authenticated attacker who accesses the Netatalk service could exploit the flaw via network. The lack of bounds checking also suggests that accidental exploitation is possible if malformed input is processed.

Generated by OpenCVE AI on May 21, 2026 at 11:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Netatalk release that resolves the missing bounds check.
  • If upgrading immediately is not possible, restrict the Netatalk service to trusted networks only, blocking public exposure.
  • Monitor Netatalk logs for unusually large or malformed character set data that could indicate exploitation attempts.
  • Consult the Netatalk project website or contact maintainers for the latest security advisories and patch instructions.

Generated by OpenCVE AI on May 21, 2026 at 11:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-62801 netatalk security update
History

Thu, 21 May 2026 09:00:00 +0000

Type Values Removed Values Added
Description In Netatalk 2.0.4 through 4.4.2, missing o_len bounds check in pull_charset_flags(). Fixed in 4.4.3. A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data.

Thu, 21 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Netatalk
Netatalk netatalk
Vendors & Products Netatalk
Netatalk netatalk

Thu, 21 May 2026 07:45:00 +0000

Type Values Removed Values Added
Description In Netatalk 2.0.4 through 4.4.2, missing o_len bounds check in pull_charset_flags(). Fixed in 4.4.3.
Title Missing o_len bounds check in pull_charset_flags()
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Netatalk Netatalk
cve-icon MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-21T07:52:34.292Z

Reserved: 2026-05-05T07:25:12.313Z

Link: CVE-2026-44062

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-21T08:16:21.797

Modified: 2026-05-21T09:16:28.437

Link: CVE-2026-44062

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T11:15:09Z

Weaknesses