Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-38441 (GCVE-0-2024-38441)
Vulnerability from cvelistv5 – Published: 2024-06-16 00:00 – Updated: 2025-11-03 21:55
VLAI
EPSS
Summary
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netatalk",
"vendor": "netatalk",
"versions": [
{
"lessThan": "3.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T14:42:12.811914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T17:00:04.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:39.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/issues/1098"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"
},
{
"tags": [
"x_transferred"
],
"url": "https://netatalk.io/security/CVE-2024-38441"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to \u0027\\0\u0027 in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-30T11:42:13.867Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Netatalk/netatalk/issues/1098"
},
{
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"
},
{
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"
},
{
"url": "https://netatalk.io/security/CVE-2024-38441"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38441",
"datePublished": "2024-06-16T00:00:00.000Z",
"dateReserved": "2024-06-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:55:39.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-38441",
"date": "2026-05-27",
"epss": "0.00718",
"percentile": "0.72676"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to \u0027\\\\0\u0027 in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.\"}, {\"lang\": \"es\", \"value\": \"Netatalk 3.2.0 tiene un error uno por uno y el resultado es un desbordamiento del b\\u00fafer basado en el mont\\u00f3n debido a la configuraci\\u00f3n de ibuf[len] en \u0027\\\\0\u0027 en FPMapName en afp_mapname en etc/afp/directory.c.\"}]",
"id": "CVE-2024-38441",
"lastModified": "2024-11-21T09:25:52.753",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-06-16T13:15:53.230",
"references": "[{\"url\": \"https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/Netatalk/netatalk/issues/1098\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://netatalk.io/security/CVE-2024-38441\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/Netatalk/netatalk/issues/1098\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://netatalk.io/security/CVE-2024-38441\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-193\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-38441\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-06-16T13:15:53.230\",\"lastModified\":\"2025-11-03T22:17:01.470\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to \u0027\\\\0\u0027 in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.\"},{\"lang\":\"es\",\"value\":\"Netatalk 3.2.0 tiene un error uno por uno y el resultado es un desbordamiento del b\u00fafer basado en el mont\u00f3n debido a la configuraci\u00f3n de ibuf[len] en \u0027\\\\0\u0027 en FPMapName en afp_mapname en etc/afp/directory.c.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-193\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.4.1\",\"matchCriteriaId\":\"C3F4245E-9F2F-485B-BF45-D12C4880C133\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0\",\"versionEndExcluding\":\"3.1.19\",\"matchCriteriaId\":\"BC79D241-5B4D-4430-9F44-5F138836EBD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"252F610A-8297-4142-BD3C-45BEF57E33AB\"}]}]}],\"references\":[{\"url\":\"https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/Netatalk/netatalk/issues/1098\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://netatalk.io/security/CVE-2024-38441\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/Netatalk/netatalk/issues/1098\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://netatalk.io/security/CVE-2024-38441\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/Netatalk/netatalk/issues/1098\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://netatalk.io/security/CVE-2024-38441\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:55:39.496Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-38441\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-17T14:42:12.811914Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*\"], \"vendor\": \"netatalk\", \"product\": \"netatalk\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.2.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-193\", \"description\": \"CWE-193 Off-by-one Error\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-17T14:44:39.846Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/Netatalk/netatalk/issues/1098\"}, {\"url\": \"https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333\"}, {\"url\": \"https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q\"}, {\"url\": \"https://netatalk.io/security/CVE-2024-38441\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to \u0027\\\\0\u0027 in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-06-30T11:42:13.867Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-38441\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:55:39.496Z\", \"dateReserved\": \"2024-06-16T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-06-16T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-0747
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une injection SQL (SQLi).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Qnap | N/A | HybridDesk Station versions 4.2.x antérieures à 4.2.18 | ||
| Qnap | N/A | File Station 5 versions 5.5.x antérieures à 5.5.6.4907 | ||
| Qnap | N/A | Photo Station versions 6.4.x antérieures à 6.4.5 ( 2025/01/02 ) | ||
| Qnap | N/A | QuRouter versions 2.5.x antérieures à 2.5.1.060 | ||
| Qnap | N/A | License Center versions 1.8.x antérieures à 1.8.51 | ||
| Qnap | N/A | QuTS hero versions h5.2.x antérieures à h5.2.5.3138 build 20250519 | ||
| Qnap | N/A | License Center versions 1.9.x antérieures à 1.9.51 | ||
| Qnap | N/A | QTS versions 5.2.x antérieures à 5.2.5.3145 build 20250526 | ||
| Qnap | N/A | Qsync Central versions 4.5.x antérieures à 4.5.0.7 ( 2025/04/23 ) | ||
| Qnap | N/A | Qsync Central versions 5.0.x antérieures à 5.0.0.0 ( 2025/06/13 ) | ||
| Qnap | N/A | VioStor NVR: QVR versions 5.1.x antérieures à 5.1.6 build 20250621 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HybridDesk Station versions 4.2.x ant\u00e9rieures \u00e0 4.2.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "File Station 5 versions 5.5.x ant\u00e9rieures \u00e0 5.5.6.4907",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Photo Station versions 6.4.x ant\u00e9rieures \u00e0 6.4.5 ( 2025/01/02 )",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuRouter versions 2.5.x ant\u00e9rieures \u00e0 2.5.1.060",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "License Center versions 1.8.x ant\u00e9rieures \u00e0 1.8.51",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions h5.2.x ant\u00e9rieures \u00e0 h5.2.5.3138 build 20250519",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "License Center versions 1.9.x ant\u00e9rieures \u00e0 1.9.51",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 5.2.x ant\u00e9rieures \u00e0 5.2.5.3145 build 20250526",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qsync Central versions 4.5.x ant\u00e9rieures \u00e0 4.5.0.7 ( 2025/04/23 )",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qsync Central versions 5.0.x ant\u00e9rieures \u00e0 5.0.0.0 ( 2025/06/13 )",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "VioStor NVR: QVR versions 5.1.x ant\u00e9rieures \u00e0 5.1.6 build 20250621",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30275",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30275"
},
{
"name": "CVE-2025-29878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29878"
},
{
"name": "CVE-2025-52861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52861"
},
{
"name": "CVE-2025-30270",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30270"
},
{
"name": "CVE-2024-38439",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38439"
},
{
"name": "CVE-2025-30268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30268"
},
{
"name": "CVE-2025-30273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30273"
},
{
"name": "CVE-2025-29882",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29882"
},
{
"name": "CVE-2025-29888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29888"
},
{
"name": "CVE-2025-30265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30265"
},
{
"name": "CVE-2025-29887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29887"
},
{
"name": "CVE-2024-38441",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38441"
},
{
"name": "CVE-2025-30271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30271"
},
{
"name": "CVE-2025-29886",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29886"
},
{
"name": "CVE-2025-30263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30263"
},
{
"name": "CVE-2025-30277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30277"
},
{
"name": "CVE-2025-22483",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22483"
},
{
"name": "CVE-2025-29894",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29894"
},
{
"name": "CVE-2025-29893",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29893"
},
{
"name": "CVE-2025-30267",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30267"
},
{
"name": "CVE-2025-52856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52856"
},
{
"name": "CVE-2025-29879",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29879"
},
{
"name": "CVE-2025-29889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29889"
},
{
"name": "CVE-2025-29890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29890"
},
{
"name": "CVE-2025-33032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33032"
},
{
"name": "CVE-2025-30264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30264"
},
{
"name": "CVE-2025-30278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30278"
},
{
"name": "CVE-2025-44015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-44015"
},
{
"name": "CVE-2025-30261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30261"
},
{
"name": "CVE-2024-12923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12923"
},
{
"name": "CVE-2025-33038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33038"
},
{
"name": "CVE-2025-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33036"
},
{
"name": "CVE-2025-30272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30272"
},
{
"name": "CVE-2025-30262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30262"
},
{
"name": "CVE-2025-29898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29898"
},
{
"name": "CVE-2025-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33033"
},
{
"name": "CVE-2023-42464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42464"
},
{
"name": "CVE-2022-45188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45188"
},
{
"name": "CVE-2025-30260",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30260"
},
{
"name": "CVE-2025-29899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29899"
},
{
"name": "CVE-2025-29875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29875"
},
{
"name": "CVE-2025-30274",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30274"
},
{
"name": "CVE-2024-38440",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38440"
},
{
"name": "CVE-2025-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29900"
},
{
"name": "CVE-2025-29874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29874"
},
{
"name": "CVE-2022-22995",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22995"
},
{
"name": "CVE-2025-33037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33037"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0747",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une injection SQL (SQLi).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
"vendor_advisories": [
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-22",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-22"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-28",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-28"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-24",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-24"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-25",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-25"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-27",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-27"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-21",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-21"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-20",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-20"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-29",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-29"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-23",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-23"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-19",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-19"
}
]
}
CERTFR-2025-AVI-0747
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une injection SQL (SQLi).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Qnap | N/A | HybridDesk Station versions 4.2.x antérieures à 4.2.18 | ||
| Qnap | N/A | File Station 5 versions 5.5.x antérieures à 5.5.6.4907 | ||
| Qnap | N/A | Photo Station versions 6.4.x antérieures à 6.4.5 ( 2025/01/02 ) | ||
| Qnap | N/A | QuRouter versions 2.5.x antérieures à 2.5.1.060 | ||
| Qnap | N/A | License Center versions 1.8.x antérieures à 1.8.51 | ||
| Qnap | N/A | QuTS hero versions h5.2.x antérieures à h5.2.5.3138 build 20250519 | ||
| Qnap | N/A | License Center versions 1.9.x antérieures à 1.9.51 | ||
| Qnap | N/A | QTS versions 5.2.x antérieures à 5.2.5.3145 build 20250526 | ||
| Qnap | N/A | Qsync Central versions 4.5.x antérieures à 4.5.0.7 ( 2025/04/23 ) | ||
| Qnap | N/A | Qsync Central versions 5.0.x antérieures à 5.0.0.0 ( 2025/06/13 ) | ||
| Qnap | N/A | VioStor NVR: QVR versions 5.1.x antérieures à 5.1.6 build 20250621 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HybridDesk Station versions 4.2.x ant\u00e9rieures \u00e0 4.2.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "File Station 5 versions 5.5.x ant\u00e9rieures \u00e0 5.5.6.4907",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Photo Station versions 6.4.x ant\u00e9rieures \u00e0 6.4.5 ( 2025/01/02 )",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuRouter versions 2.5.x ant\u00e9rieures \u00e0 2.5.1.060",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "License Center versions 1.8.x ant\u00e9rieures \u00e0 1.8.51",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions h5.2.x ant\u00e9rieures \u00e0 h5.2.5.3138 build 20250519",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "License Center versions 1.9.x ant\u00e9rieures \u00e0 1.9.51",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 5.2.x ant\u00e9rieures \u00e0 5.2.5.3145 build 20250526",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qsync Central versions 4.5.x ant\u00e9rieures \u00e0 4.5.0.7 ( 2025/04/23 )",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qsync Central versions 5.0.x ant\u00e9rieures \u00e0 5.0.0.0 ( 2025/06/13 )",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "VioStor NVR: QVR versions 5.1.x ant\u00e9rieures \u00e0 5.1.6 build 20250621",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30275",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30275"
},
{
"name": "CVE-2025-29878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29878"
},
{
"name": "CVE-2025-52861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52861"
},
{
"name": "CVE-2025-30270",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30270"
},
{
"name": "CVE-2024-38439",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38439"
},
{
"name": "CVE-2025-30268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30268"
},
{
"name": "CVE-2025-30273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30273"
},
{
"name": "CVE-2025-29882",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29882"
},
{
"name": "CVE-2025-29888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29888"
},
{
"name": "CVE-2025-30265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30265"
},
{
"name": "CVE-2025-29887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29887"
},
{
"name": "CVE-2024-38441",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38441"
},
{
"name": "CVE-2025-30271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30271"
},
{
"name": "CVE-2025-29886",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29886"
},
{
"name": "CVE-2025-30263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30263"
},
{
"name": "CVE-2025-30277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30277"
},
{
"name": "CVE-2025-22483",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22483"
},
{
"name": "CVE-2025-29894",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29894"
},
{
"name": "CVE-2025-29893",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29893"
},
{
"name": "CVE-2025-30267",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30267"
},
{
"name": "CVE-2025-52856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52856"
},
{
"name": "CVE-2025-29879",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29879"
},
{
"name": "CVE-2025-29889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29889"
},
{
"name": "CVE-2025-29890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29890"
},
{
"name": "CVE-2025-33032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33032"
},
{
"name": "CVE-2025-30264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30264"
},
{
"name": "CVE-2025-30278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30278"
},
{
"name": "CVE-2025-44015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-44015"
},
{
"name": "CVE-2025-30261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30261"
},
{
"name": "CVE-2024-12923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12923"
},
{
"name": "CVE-2025-33038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33038"
},
{
"name": "CVE-2025-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33036"
},
{
"name": "CVE-2025-30272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30272"
},
{
"name": "CVE-2025-30262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30262"
},
{
"name": "CVE-2025-29898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29898"
},
{
"name": "CVE-2025-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33033"
},
{
"name": "CVE-2023-42464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42464"
},
{
"name": "CVE-2022-45188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45188"
},
{
"name": "CVE-2025-30260",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30260"
},
{
"name": "CVE-2025-29899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29899"
},
{
"name": "CVE-2025-29875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29875"
},
{
"name": "CVE-2025-30274",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30274"
},
{
"name": "CVE-2024-38440",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38440"
},
{
"name": "CVE-2025-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29900"
},
{
"name": "CVE-2025-29874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29874"
},
{
"name": "CVE-2022-22995",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22995"
},
{
"name": "CVE-2025-33037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33037"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0747",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une injection SQL (SQLi).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
"vendor_advisories": [
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-22",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-22"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-28",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-28"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-24",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-24"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-25",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-25"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-27",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-27"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-21",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-21"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-20",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-20"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-29",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-29"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-23",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-23"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-19",
"url": "https://www.qnap.com/go/security-advisory/qsa-25-19"
}
]
}
FKIE_CVE-2024-38441
Vulnerability from fkie_nvd - Published: 2024-06-16 13:15 - Updated: 2025-11-03 22:17
Severity
Summary
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F4245E-9F2F-485B-BF45-D12C4880C133",
"versionEndExcluding": "2.4.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC79D241-5B4D-4430-9F44-5F138836EBD6",
"versionEndExcluding": "3.1.19",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netatalk:netatalk:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "252F610A-8297-4142-BD3C-45BEF57E33AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to \u0027\\0\u0027 in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions."
},
{
"lang": "es",
"value": "Netatalk 3.2.0 tiene un error uno por uno y el resultado es un desbordamiento del b\u00fafer basado en el mont\u00f3n debido a la configuraci\u00f3n de ibuf[len] en \u0027\\0\u0027 en FPMapName en afp_mapname en etc/afp/directory.c."
}
],
"id": "CVE-2024-38441",
"lastModified": "2025-11-03T22:17:01.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-16T13:15:53.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://github.com/Netatalk/netatalk/issues/1098"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://netatalk.io/security/CVE-2024-38441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://github.com/Netatalk/netatalk/issues/1098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://netatalk.io/security/CVE-2024-38441"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-J764-4V6H-PQP7
Vulnerability from github – Published: 2024-06-16 15:30 – Updated: 2025-11-04 00:30
VLAI
Details
Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afp/directory.c.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2024-38441"
],
"database_specific": {
"cwe_ids": [
"CWE-120",
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-16T13:15:53Z",
"severity": "CRITICAL"
},
"details": "Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to \u0027\\0\u0027 in FPMapName in afp_mapname in etc/afp/directory.c.",
"id": "GHSA-j764-4v6h-pqp7",
"modified": "2025-11-04T00:30:49Z",
"published": "2024-06-16T15:30:44Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38441"
},
{
"type": "WEB",
"url": "https://github.com/Netatalk/netatalk/issues/1098"
},
{
"type": "WEB",
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"
},
{
"type": "WEB",
"url": "https://netatalk.io/security/CVE-2024-38441"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
SUSE-SU-2024:2301-1
Vulnerability from csaf_suse - Published: 2024-07-04 13:17 - Updated: 2024-07-04 13:17Summary
Security update for netatalk
Severity
Important
Notes
Title of the patch: Security update for netatalk
Description of the patch: This update for netatalk fixes the following issues:
- CVE-2024-38439: Fixed a heap buffer overflow because of setting
ibuf[PASSWDLEN] to \0 in FPLoginExt in login in etc/uams/uams_pam.c
(bsc#1226430).
- CVE-2024-38440: Fixed a heap buffer overflow because of incorrectly
using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c
(bsc#1226429).
- CVE-2024-38441: Fixed a heap buffer overflow because of setting
ibuf[len] to \0 in FPMapName in afp_mapname in etc/afp/directory.c
(bsc#1226431).
Patchnames: SUSE-2024-2301,SUSE-SLE-SDK-12-SP5-2024-2301,SUSE-SLE-WE-12-SP5-2024-2301
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for netatalk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for netatalk fixes the following issues:\n\n- CVE-2024-38439: Fixed a heap buffer overflow because of setting\n ibuf[PASSWDLEN] to \\0 in FPLoginExt in login in etc/uams/uams_pam.c\n (bsc#1226430).\n- CVE-2024-38440: Fixed a heap buffer overflow because of incorrectly\n using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c\n (bsc#1226429).\n- CVE-2024-38441: Fixed a heap buffer overflow because of setting\n ibuf[len] to \\0 in FPMapName in afp_mapname in etc/afp/directory.c\n (bsc#1226431).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2301,SUSE-SLE-SDK-12-SP5-2024-2301,SUSE-SLE-WE-12-SP5-2024-2301",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2301-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2301-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242301-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2301-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-July/035825.html"
},
{
"category": "self",
"summary": "SUSE Bug 1226429",
"url": "https://bugzilla.suse.com/1226429"
},
{
"category": "self",
"summary": "SUSE Bug 1226430",
"url": "https://bugzilla.suse.com/1226430"
},
{
"category": "self",
"summary": "SUSE Bug 1226431",
"url": "https://bugzilla.suse.com/1226431"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38439 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38440 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38440/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38441 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38441/"
}
],
"title": "Security update for netatalk",
"tracking": {
"current_release_date": "2024-07-04T13:17:32Z",
"generator": {
"date": "2024-07-04T13:17:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2301-1",
"initial_release_date": "2024-07-04T13:17:32Z",
"revision_history": [
{
"date": "2024-07-04T13:17:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libatalk0-3.1.18-3.25.1.aarch64",
"product": {
"name": "libatalk0-3.1.18-3.25.1.aarch64",
"product_id": "libatalk0-3.1.18-3.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "netatalk-3.1.18-3.25.1.aarch64",
"product": {
"name": "netatalk-3.1.18-3.25.1.aarch64",
"product_id": "netatalk-3.1.18-3.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "netatalk-devel-3.1.18-3.25.1.aarch64",
"product": {
"name": "netatalk-devel-3.1.18-3.25.1.aarch64",
"product_id": "netatalk-devel-3.1.18-3.25.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libatalk0-3.1.18-3.25.1.i586",
"product": {
"name": "libatalk0-3.1.18-3.25.1.i586",
"product_id": "libatalk0-3.1.18-3.25.1.i586"
}
},
{
"category": "product_version",
"name": "netatalk-3.1.18-3.25.1.i586",
"product": {
"name": "netatalk-3.1.18-3.25.1.i586",
"product_id": "netatalk-3.1.18-3.25.1.i586"
}
},
{
"category": "product_version",
"name": "netatalk-devel-3.1.18-3.25.1.i586",
"product": {
"name": "netatalk-devel-3.1.18-3.25.1.i586",
"product_id": "netatalk-devel-3.1.18-3.25.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libatalk0-3.1.18-3.25.1.ppc64le",
"product": {
"name": "libatalk0-3.1.18-3.25.1.ppc64le",
"product_id": "libatalk0-3.1.18-3.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netatalk-3.1.18-3.25.1.ppc64le",
"product": {
"name": "netatalk-3.1.18-3.25.1.ppc64le",
"product_id": "netatalk-3.1.18-3.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netatalk-devel-3.1.18-3.25.1.ppc64le",
"product": {
"name": "netatalk-devel-3.1.18-3.25.1.ppc64le",
"product_id": "netatalk-devel-3.1.18-3.25.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libatalk0-3.1.18-3.25.1.s390",
"product": {
"name": "libatalk0-3.1.18-3.25.1.s390",
"product_id": "libatalk0-3.1.18-3.25.1.s390"
}
},
{
"category": "product_version",
"name": "netatalk-3.1.18-3.25.1.s390",
"product": {
"name": "netatalk-3.1.18-3.25.1.s390",
"product_id": "netatalk-3.1.18-3.25.1.s390"
}
},
{
"category": "product_version",
"name": "netatalk-devel-3.1.18-3.25.1.s390",
"product": {
"name": "netatalk-devel-3.1.18-3.25.1.s390",
"product_id": "netatalk-devel-3.1.18-3.25.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libatalk0-3.1.18-3.25.1.s390x",
"product": {
"name": "libatalk0-3.1.18-3.25.1.s390x",
"product_id": "libatalk0-3.1.18-3.25.1.s390x"
}
},
{
"category": "product_version",
"name": "netatalk-3.1.18-3.25.1.s390x",
"product": {
"name": "netatalk-3.1.18-3.25.1.s390x",
"product_id": "netatalk-3.1.18-3.25.1.s390x"
}
},
{
"category": "product_version",
"name": "netatalk-devel-3.1.18-3.25.1.s390x",
"product": {
"name": "netatalk-devel-3.1.18-3.25.1.s390x",
"product_id": "netatalk-devel-3.1.18-3.25.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libatalk0-3.1.18-3.25.1.x86_64",
"product": {
"name": "libatalk0-3.1.18-3.25.1.x86_64",
"product_id": "libatalk0-3.1.18-3.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "netatalk-3.1.18-3.25.1.x86_64",
"product": {
"name": "netatalk-3.1.18-3.25.1.x86_64",
"product_id": "netatalk-3.1.18-3.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "netatalk-devel-3.1.18-3.25.1.x86_64",
"product": {
"name": "netatalk-devel-3.1.18-3.25.1.x86_64",
"product_id": "netatalk-devel-3.1.18-3.25.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libatalk0-3.1.18-3.25.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.aarch64"
},
"product_reference": "libatalk0-3.1.18-3.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libatalk0-3.1.18-3.25.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.ppc64le"
},
"product_reference": "libatalk0-3.1.18-3.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libatalk0-3.1.18-3.25.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.s390x"
},
"product_reference": "libatalk0-3.1.18-3.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libatalk0-3.1.18-3.25.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.x86_64"
},
"product_reference": "libatalk0-3.1.18-3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-3.1.18-3.25.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.aarch64"
},
"product_reference": "netatalk-3.1.18-3.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-3.1.18-3.25.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.ppc64le"
},
"product_reference": "netatalk-3.1.18-3.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-3.1.18-3.25.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.s390x"
},
"product_reference": "netatalk-3.1.18-3.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-3.1.18-3.25.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.x86_64"
},
"product_reference": "netatalk-3.1.18-3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-devel-3.1.18-3.25.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.aarch64"
},
"product_reference": "netatalk-devel-3.1.18-3.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-devel-3.1.18-3.25.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.ppc64le"
},
"product_reference": "netatalk-devel-3.1.18-3.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-devel-3.1.18-3.25.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.s390x"
},
"product_reference": "netatalk-devel-3.1.18-3.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-devel-3.1.18-3.25.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64"
},
"product_reference": "netatalk-devel-3.1.18-3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libatalk0-3.1.18-3.25.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1.x86_64"
},
"product_reference": "libatalk0-3.1.18-3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-3.1.18-3.25.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1.x86_64"
},
"product_reference": "netatalk-3.1.18-3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netatalk-devel-3.1.18-3.25.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64"
},
"product_reference": "netatalk-devel-3.1.18-3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38439"
}
],
"notes": [
{
"category": "general",
"text": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to \u0027\\0\u0027 in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38439",
"url": "https://www.suse.com/security/cve/CVE-2024-38439"
},
{
"category": "external",
"summary": "SUSE Bug 1226430 for CVE-2024-38439",
"url": "https://bugzilla.suse.com/1226430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-04T13:17:32Z",
"details": "important"
}
],
"title": "CVE-2024-38439"
},
{
"cve": "CVE-2024-38440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38440"
}
],
"notes": [
{
"category": "general",
"text": "Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: \u0027The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: \"afpd\", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=\u003coptimized out\u003e, ibuf=0x62d000010424 \"\", ibuflen=0xffffffffffff0015, rbuf=\u003coptimized out\u003e, rbuflen=\u003coptimized out\u003e) ... afp_over_dsi(obj=0x5555556154c0 \u003cobj\u003e).\u0027 2.4.1 and 3.1.19 are also fixed versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38440",
"url": "https://www.suse.com/security/cve/CVE-2024-38440"
},
{
"category": "external",
"summary": "SUSE Bug 1226429 for CVE-2024-38440",
"url": "https://bugzilla.suse.com/1226429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-04T13:17:32Z",
"details": "important"
}
],
"title": "CVE-2024-38440"
},
{
"cve": "CVE-2024-38441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38441"
}
],
"notes": [
{
"category": "general",
"text": "Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to \u0027\\0\u0027 in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38441",
"url": "https://www.suse.com/security/cve/CVE-2024-38441"
},
{
"category": "external",
"summary": "SUSE Bug 1226431 for CVE-2024-38441",
"url": "https://bugzilla.suse.com/1226431"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-04T13:17:32Z",
"details": "important"
}
],
"title": "CVE-2024-38441"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…