← Back

CVE-2024-38441

nvd nist
Published: Jun 16, 2024Modified: Nov 3, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.

Affected (3)

Products: Netatalk: Netatalk
Netatalk
1 product
Netatalk
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Netatalk
Netatalk
From 2.0.0 to 2.4.1
Netatalk
From 3.0 to 3.1.19
Netatalk
Version 3.2.0

Related CWEs

CWE-193
Off-by-one Error
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

References (9)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Not Applicable
Source: cve@mitre.org
ExploitVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.