Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions.
References
Link | Resource |
---|---|
https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316 | Product |
https://github.com/Netatalk/netatalk/issues/1096 | Broken Link Not Applicable |
https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc | Exploit Vendor Advisory |
https://netatalk.io/security/CVE-2024-38439 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Aug 2024, 19:28
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316 - Product | |
References | () https://github.com/Netatalk/netatalk/issues/1096 - Broken Link, Not Applicable | |
References | () https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc - Exploit, Vendor Advisory | |
References | () https://netatalk.io/security/CVE-2024-38439 - Patch, Vendor Advisory | |
First Time |
Netatalk
Netatalk netatalk |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:netatalk:netatalk:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* |
|
CWE | CWE-787 |
30 Jun 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions. | |
References |
|
19 Jun 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Jun 2024, 12:42
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
16 Jun 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-16 13:15
Updated : 2024-08-22 17:35
NVD link : CVE-2024-38439
Mitre link : CVE-2024-38439
CVE.ORG link : CVE-2024-38439
JSON object : View
Products Affected
netatalk
- netatalk
CWE
CWE-787
Out-of-bounds Write