Description
An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input.
Published: 2026-05-21
Score: 3.4 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Netatalk versions 3.0.0 through 4.4.2 contain an integer underflow in the volxlate function. A local privileged user can craft volume translation requests that trigger the underflow, leading to incorrect calculations. This can expose limited information, permit modification of limited data, or cause a minor service disruption. The weakness is classified as CWE‑191. It does not provide arbitrary code execution, but a user with local administrative privileges can use it to degrade service reliability.

Affected Systems

This vulnerability affects Netatalk, the server software from the vendor Netatalk, in versions 3.0.0 through 4.4.2. Earlier releases and releases after 4.4.2 are not impacted.

Risk and Exploitability

The assigned CVSS score of 3.4 rates the issue as low severity, and the EPSS score is not available. The vulnerability is not listed in CISA’s KEV catalog. The flaw can only be triggered by a local privileged user who can send crafted volume translation requests to the Netatalk service, thereby inducing the underflow. While it does not provide arbitrary code execution, such a local attacker could read limited information, alter limited data, or cause a minor service disruption.

Generated by OpenCVE AI on May 21, 2026 at 11:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Netatalk security advisory website for any available patch that addresses the integer underflow in volxlate.
  • If an immediate upgrade is not feasible, restrict or disable external access to the Netatalk service until the patch is applied to reduce the attack surface.
  • Monitor Netatalk logs for anomalous translation requests or unexpected errors that could indicate an attempt to trigger the underflow flaw.



Advisories

No advisories yet.

History

Thu, 21 May 2026 09:00:00 +0000

Type | Values Removed | Values Added
Description | In Netatalk 3.0.0 through 4.4.2, integer underflow in volxlate. Fixed in 4.5.0. | An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input.

Thu, 21 May 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Netatalk; Netatalk netatalk
Vendors & Products | | Netatalk; Netatalk netatalk

Thu, 21 May 2026 07:45:00 +0000

Type | Values Removed | Values Added
Description | | In Netatalk 3.0.0 through 4.4.2, integer underflow in volxlate. Fixed in 4.5.0.
Title | | Integer underflow in volxlate
Weaknesses | | CWE-191
References | |
Metrics | | cvssV3_1 {'score': 3.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-21T07:52:48.791Z

Reserved: 2026-05-05T07:25:20.196Z

Link: CVE-2026-44069

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-21T08:16:22.583

Modified: 2026-05-21T09:16:29.143

Link: CVE-2026-44069

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T11:15:09Z

Weaknesses