[Pkg-netatalk-devel] Bug#1074475: CVE-2024-38441: Heap out-of-bounds write in directory.c
Daniel Markstedt
daniel at mindani.net
Sat Jun 29 12:02:03 BST 2024
Package: netatalk
Version: 3.1.18~ds-1+b2
Severity: critical
Tags: patch security upstream
Justification: root security hole
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>

This vulnerability in Netatalk arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in an out-of-bounds write to the metadata of the next heap block, potentially allowing an attacker to execute code in the root context.
The upstream project has issued a patch and fixed version 3.2.1:
https://netatalk.io/security/CVE-2024-38441
https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5.diff
https://github.com/Netatalk/netatalk/releases/tag/netatalk-3-2-1
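
The bug class described in the report above, as an added illustration that is not Netatalk's code and not part of the original message: a length field taken from the request is used to NUL-terminate a name in place, shown beside a form that validates it first. The wire format, function names and sizes are hypothetical, constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wire format (constructed for this example):
 *   byte 0     : name length N
 *   bytes 1..N : name, not NUL-terminated
 * The request sits in a heap buffer of exactly req_len bytes. */

/* Vulnerable pattern: trusts the length field and terminates in place.
 * When N == req_len - 1 the NUL lands at req[req_len], one byte past
 * the allocation, which may be the next heap block's metadata. */
const char *parse_name_unchecked(uint8_t *req, size_t req_len)
{
    (void)req_len;                /* never consulted: this is the defect */
    uint8_t n = req[0];
    uint8_t *name = req + 1;
    name[n] = '\0';
    return (const char *)name;
}

/* Hardened form: the length field must leave room for the terminator
 * inside the buffer the request actually occupies. */
const char *parse_name_checked(uint8_t *req, size_t req_len)
{
    if (req == NULL || req_len < 2)
        return NULL;              /* length byte plus one spare byte */
    size_t n = req[0];
    if (n > req_len - 2)          /* 1 length byte + n name bytes + NUL */
        return NULL;
    req[1 + n] = '\0';
    return (const char *)(req + 1);
}

/* Builds a constructed request of req_len bytes whose length field claims
 * `claimed`; returns 1 if the checked parser accepts it, 0 if rejected. */
int demo_accepts(size_t req_len, uint8_t claimed)
{
    uint8_t *req = malloc(req_len);
    if (req == NULL)
        return -1;
    memset(req, 'A', req_len);
    req[0] = claimed;
    const char *name = parse_name_checked(req, req_len);
    int ok = (name != NULL && strlen(name) == (size_t)claimed);
    free(req);
    return ok;
}
```

Building the unchecked variant with -fsanitize=address and feeding it a length equal to the remaining buffer size reports the one-byte heap write; the checked variant rejects the same request.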