CVE-2026-44062

Published: May 21, 2026Modified: May 21, 2026Deferred

7.5

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: 33c584b5-0579-4c06-b2a0-8d8329fcab9c (Secondary)

Description

A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data.

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (1)

https://netatalk.io/security/CVE-2026-44062

Source: 33c584b5-0579-4c06-b2a0-8d8329fcab9c

Timeline

No history available yet.