Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-38440

Опубликовано: 16 июн. 2024
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8],

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*
Версия от 2.0.0 (включая) до 2.4.1 (исключая)
cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*
Версия от 3.0 (включая) до 3.1.19 (исключая)
cpe:2.3:a:netatalk:netatalk:3.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 71%
0.0066
Низкий

7.5 High

CVSS3

Дефекты

CWE-193

Связанные уязвимости

ubuntu логотип

CVE-2024-38440

CVSS3: 7.5
ubuntu
больше 1 года назад

Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x...

debian логотип

CVE-2024-38440

CVSS3: 7.5
debian
больше 1 года назад

Netatalk before 3.2.1 has an off-by-one error, and resultant heap-base ...

github логотип

GHSA-52mm-rqxx-gfq6

CVSS3: 7.5
github
больше 1 года назад

Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c.

fstec логотип

BDU:2024-04823

CVSS3: 7.5
fstec
больше 1 года назад

Уязвимость функции BN_bin2bn (etc/uams/uams_dhx_pam.c) реализации протокола Apple Filing Protocol Netatalk, позволяющая нарушителю вызвать отказ в обслуживании

suse-cvrf логотип

SUSE-SU-2024:2301-1

suse-cvrf
больше 1 года назад

Security update for netatalk

EPSS

Процентиль: 71%
0.0066
Низкий

7.5 High

CVSS3

Дефекты

CWE-193