CVE-2024-38441 - Vulnerability Details - OpenCVE

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netatalk	Netatalk

Configuration 1 [-]

OR	cpe:2.3:a:netatalk:netatalk::::::::
	cpe:2.3:a:netatalk:netatalk::::::::
	cpe:2.3:a:netatalk:netatalk:3.2.0:::::::*

No data.

References

Link	Providers
https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333
https://github.com/Netatalk/netatalk/issues/1098
https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q
https://netatalk.io/security/CVE-2024-38441

History

Thu, 01 May 2025 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netatalk Netatalk netatalk
CPEs		cpe:2.3:a:netatalk:netatalk:::::::: cpe:2.3:a:netatalk:netatalk:3.2.0:::::::*
Vendors & Products		Netatalk Netatalk netatalk

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-06-16T00:00:00

Updated: 2024-08-05T17:00:04.561Z

Reserved: 2024-06-16T00:00:00

Link: CVE-2024-38441

Vulnrichment

Updated: 2024-08-02T04:12:24.559Z

NVD

Status : Analyzed

Published: 2024-06-16T13:15:53.230

Modified: 2025-05-01T19:42:41.313

Link: CVE-2024-38441

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-38441", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-05T17:00:04.561Z", "dateReserved": "2024-06-16T00:00:00", "datePublished": "2024-06-16T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-30T11:42:13.867454"}, "descriptions": [{"lang": "en", "value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Netatalk/netatalk/issues/1098"}, {"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"}, {"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"}, {"url": "https://netatalk.io/security/CVE-2024-38441"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-193", "lang": "en", "description": "CWE-193 Off-by-one Error"}]}], "affected": [{"vendor": "netatalk", "product": "netatalk", "cpes": ["cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.2.1", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T14:42:12.811914Z", "id": "CVE-2024-38441", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T17:00:04.561Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:24.559Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/Netatalk/netatalk/issues/1098", "tags": ["x_transferred"]}, {"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333", "tags": ["x_transferred"]}, {"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q", "tags": ["x_transferred"]}, {"url": "https://netatalk.io/security/CVE-2024-38441", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/Netatalk/netatalk/issues/1098", "tags": ["x_transferred"]}, {"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333", "tags": ["x_transferred"]}, {"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q", "tags": ["x_transferred"]}, {"url": "https://netatalk.io/security/CVE-2024-38441", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:24.559Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-38441", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-17T14:42:12.811914Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"], "vendor": "netatalk", "product": "netatalk", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-193", "description": "CWE-193 Off-by-one Error"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T14:44:39.846Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/Netatalk/netatalk/issues/1098"}, {"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"}, {"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"}, {"url": "https://netatalk.io/security/CVE-2024-38441"}], "descriptions": [{"lang": "en", "value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-30T11:42:13.867454"}}}, "cveMetadata": {"cveId": "CVE-2024-38441", "state": "PUBLISHED", "dateUpdated": "2024-08-05T17:00:04.561Z", "dateReserved": "2024-06-16T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-06-16T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3F4245E-9F2F-485B-BF45-D12C4880C133", "versionEndExcluding": "2.4.1", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC79D241-5B4D-4430-9F44-5F138836EBD6", "versionEndExcluding": "3.1.19", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netatalk:netatalk:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "252F610A-8297-4142-BD3C-45BEF57E33AB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions."}, {"lang": "es", "value": "Netatalk 3.2.0 tiene un error uno por uno y el resultado es un desbordamiento del b\u00fafer basado en el mont\u00f3n debido a la configuraci\u00f3n de ibuf[len] en '\\0' en FPMapName en afp_mapname en etc/afp/directory.c."}], "id": "CVE-2024-38441", "lastModified": "2025-05-01T19:42:41.313", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-16T13:15:53.230", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://github.com/Netatalk/netatalk/issues/1098"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://netatalk.io/security/CVE-2024-38441"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://github.com/Netatalk/netatalk/issues/1098"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://netatalk.io/security/CVE-2024-38441"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-193"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}