Netatalk · Netatalk · CVE-2024-38440
**Name of the Vulnerable Software and Affected Versions**
Netatalk versions prior to 3.2.1
Netatalk version 3.2.0
**Description**
The issue arises because the length field parsed from user-provided data is not validated before it is used, leading to a one-byte out-of-bounds heap write that can cause a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. The vulnerability is located in the FPLoginExt operation of Netatalk, at the `BN_bin2bn` call in `etc/uams/uams_dhx_pam.c`.
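The general defect described above is a length-prefixed field whose declared length is trusted before it is compared with the bytes actually received. The following is an added, constructed example (not Netatalk's code and not the `uams_dhx_pam.c` logic itself) that parses a message laid out as `[1-byte name length][name][KEYSIZE key bytes]` and shows where the missing check belongs: the declared length is validated against both the destination size and the remaining input before any copy, pointer advance, or terminating write. `NAME_MAX`, `KEYSIZE` and the message layout are assumptions for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed example, not Netatalk code. Message layout assumed here:
 *   [1 byte: name length][name bytes][KEYSIZE bytes: client public value]
 * The security-relevant step is checking the client-supplied length against
 * the bytes actually present BEFORE any pointer arithmetic, copy, or
 * terminating write. Without it, a declared length larger than the buffer
 * walks past the end of the heap allocation. */
#define NAME_MAX 64   /* assumed capacity of the name field */
#define KEYSIZE  16   /* assumed size of the fixed key field */

typedef struct {
    char    name[NAME_MAX + 1];   /* nul-terminated copy of the name */
    uint8_t key[KEYSIZE];         /* raw key bytes, ready for e.g. BN_bin2bn */
} login_msg;

/* Returns 0 on success, -1 if a declared length does not fit.
 * ibuf/ibuflen model the untrusted request buffer as received. */
int parse_login_ext(const uint8_t *ibuf, size_t ibuflen, login_msg *out)
{
    if (ibuf == NULL || out == NULL || ibuflen < 1)
        return -1;

    size_t len = ibuf[0];              /* attacker-controlled length byte */
    const uint8_t *p = ibuf + 1;
    size_t remaining = ibuflen - 1;

    /* The missing check: bound len by the destination AND by what was
     * actually received. Skipping this makes the memcpy and the
     * terminator write below run off the end of the heap buffer. */
    if (len > NAME_MAX || len > remaining)
        return -1;
    memcpy(out->name, p, len);
    out->name[len] = '\0';             /* safe: name[] has NAME_MAX + 1 slots */
    p += len;
    remaining -= len;

    /* The fixed-size key field must also be fully present. */
    if (remaining < KEYSIZE)
        return -1;
    memcpy(out->key, p, KEYSIZE);
    return 0;
}

/* Constructed inputs for demonstration; each returns parse_login_ext's result. */
static int demo(const uint8_t *msg, size_t n)
{
    login_msg m;
    memset(&m, 0, sizeof m);
    return parse_login_ext(msg, n, &m);
}

int demo_valid(void)
{
    /* name "bob" followed by KEYSIZE zero key bytes: well-formed, returns 0 */
    uint8_t msg[1 + 3 + KEYSIZE] = { 3, 'b', 'o', 'b' };
    return demo(msg, sizeof msg);
}

int demo_overlong_name(void)
{
    /* declared length 200 exceeds NAME_MAX and the 19 bytes present: rejected */
    uint8_t msg[1 + 3 + KEYSIZE] = { 200, 'b', 'o', 'b' };
    return demo(msg, sizeof msg);
}

int demo_truncated_key(void)
{
    /* name fits, but only 5 key bytes follow instead of KEYSIZE: rejected */
    uint8_t msg[1 + 3 + 5] = { 3, 'b', 'o', 'b' };
    return demo(msg, sizeof msg);
}

int main(void)
{
    printf("valid message:    %d\n", demo_valid());
    printf("overlong name:    %d\n", demo_overlong_name());
    printf("truncated key:    %d\n", demo_truncated_key());
    return 0;
}
```

The check order matters: both comparisons happen before `p` is advanced or anything is written, so a malformed message is rejected without touching memory beyond the received buffer. Running the parser under ASAN with the rejected inputs is a cheap regression test for this class of bug.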
**Recommendations**
For Netatalk versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue.
For Netatalk version 3.2.0, update to version 3.2.1 or later to resolve the issue.
As a temporary workaround, consider disabling the `FPLoginExt` operation in Netatalk until a patch is available.
Restrict access to the `BN_bin2bn` function in `etc/uams/uams_dhx_pam.c` to minimize the risk of exploitation.