Package: netatalk
Version: 3.1.18~ds-1+b2
Severity: critical
Tags: patch security upstream
Justification: root security hole
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

This vulnerability in Netatalk arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in an out-of-bounds write to the metadata of the next heap block, potentially allowing an attacker to execute code in the root context.

The upstream project has issued a patch and fixed version 3.2.1:

https://netatalk.io/security/CVE-2024-38441
https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5.diff
https://github.com/Netatalk/netatalk/releases/tag/netatalk-3-2-1
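
The class of check whose absence is described above, as an added example that is not part of the original report and is not Netatalk's code: a length-prefixed field from an untrusted request is copied into a fixed-size buffer and NUL-terminated. The function name, the 16-bit big-endian length prefix and the buffer sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: copy a length-prefixed name (2-byte big-endian length,
 * then that many bytes) from an untrusted request into dst and NUL-terminate.
 * Returns the number of request bytes consumed, or -1 if the length is invalid.
 *
 * Without check (2), a request with len == dst_size passes: memcpy fills dst
 * exactly and dst[len] = '\0' writes one byte past the allocation, which on
 * the heap can be the next chunk's metadata.
 */
int copy_prefixed_name(const uint8_t *req, size_t req_len,
                       char *dst, size_t dst_size)
{
    if (req == NULL || dst == NULL || req_len < 2 || dst_size < 1)
        return -1;

    size_t len = ((size_t)req[0] << 8) | req[1];

    /* (1) the claimed length must fit in the bytes actually received */
    if (len > req_len - 2)
        return -1;

    /* (2) reserve room for the terminator: strictly less than dst_size */
    if (len >= dst_size)
        return -1;

    memcpy(dst, req + 2, len);
    dst[len] = '\0';
    return (int)(len + 2);
}

int main(void)
{
    /* Constructed sample request: length 8 aimed at an 8-byte buffer. */
    const uint8_t req[] = {0x00, 0x08, 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'};
    char dst[8];

    int rc = copy_prefixed_name(req, sizeof req, dst, sizeof dst);
    printf("len == buffer size: %s\n", rc < 0 ? "rejected" : "accepted");
    return rc < 0 ? 0 : 1;
}
```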