[Pkg-netatalk-devel] Bug#1074474: CVE-2024-38440: Heap out-of-bounds write in uams_dhx_pam.c

Daniel Markstedt daniel at mindani.net
Sat Jun 29 12:00:27 BST 2024


Package: netatalk
Version: 3.1.18~ds-1+b2
Severity: critical
Tags: patch security upstream
Justification: root security hole
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>

This vulnerability in Netatalk arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled.

The upstream project has issued a patch and fixed version 3.2.1:

https://netatalk.io/security/CVE-2024-38440
https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5.diff
https://github.com/Netatalk/netatalk/releases/tag/netatalk-3-2-1
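
The bug class described in the report, as an added example that is not part of the original message and is not Netatalk's code. The field layout, the function names and the 8-byte buffer are assumptions; it shows a length-prefixed field terminated in place, first with the length byte trusted and then with it validated.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout, not Netatalk's: buf[0] = length, buf[1..] = name. */

/* Unchecked pattern: the length byte is trusted, so the single '\0' can be
 * written past the end of the allocation. For contrast; never called here. */
char *name_unchecked(uint8_t *buf)
{
    size_t len = buf[0];
    buf[1 + len] = '\0';
    return (char *)&buf[1];
}

/* Checked form: NULL unless the name lies within the received bytes and
 * the terminator index is still inside the allocation. */
char *name_checked(uint8_t *buf, size_t buf_size, size_t received)
{
    if (buf == NULL || received < 1 || received > buf_size)
        return NULL;
    size_t len = buf[0];
    if (len > received - 1)      /* name longer than the data received */
        return NULL;
    if (1 + len >= buf_size)     /* no room left for the '\0' */
        return NULL;
    buf[1 + len] = '\0';
    return (char *)&buf[1];
}

/* Copies a constructed request into a heap buffer of buf_size bytes and
 * parses it; returns the name length, or -1 if the request is rejected. */
int demo(const uint8_t *req, size_t req_len, size_t buf_size)
{
    uint8_t *buf = malloc(buf_size);
    if (buf == NULL || req_len > buf_size) { free(buf); return -1; }
    memcpy(buf, req, req_len);
    char *name = name_checked(buf, buf_size, req_len);
    int result = name ? (int)strlen(name) : -1;
    free(buf);
    return result;
}

int main(void)
{
    const uint8_t ok[]   = { 3, 'b', 'o', 'b' };                   /* constructed */
    const uint8_t full[] = { 7, 'a', 'b', 'c', 'd', 'e', 'f', 'g' }; /* fills buffer */
    printf("ok=%d full=%d\n", demo(ok, sizeof ok, 8), demo(full, sizeof full, 8));
    return 0;
}
```

The second request is the interesting case: every name byte fits in the 8-byte buffer, but the terminator would land at index 8, so the checked parser rejects it.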


