CVE-2024-38441

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-38441
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333 Product
https://github.com/Netatalk/netatalk/issues/1098 Not Applicable
https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q Exploit Vendor Advisory
https://netatalk.io/security/CVE-2024-38441 Vendor Advisory
https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333 Product
https://github.com/Netatalk/netatalk/issues/1098 Not Applicable
https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q Exploit Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html
https://netatalk.io/security/CVE-2024-38441 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*
cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*
cpe:2.3:a:netatalk:netatalk:3.2.0:*:*:*:*:*:*:*
History

03 Nov 2025, 22:17

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html -

01 May 2025, 19:42

Type Values Removed Values Added
CPE cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*
cpe:2.3:a:netatalk:netatalk:3.2.0:*:*:*:*:*:*:*
First Time Netatalk
Netatalk netatalk
References () https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333 - () https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333 - Product
References () https://github.com/Netatalk/netatalk/issues/1098 - () https://github.com/Netatalk/netatalk/issues/1098 - Not Applicable
References () https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q - () https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q - Exploit, Vendor Advisory
References () https://netatalk.io/security/CVE-2024-38441 - () https://netatalk.io/security/CVE-2024-38441 - Vendor Advisory

21 Nov 2024, 09:25

Type Values Removed Values Added
References () https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333 - () https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333 -
References () https://github.com/Netatalk/netatalk/issues/1098 - () https://github.com/Netatalk/netatalk/issues/1098 -
References () https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q - () https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q -
References () https://netatalk.io/security/CVE-2024-38441 - () https://netatalk.io/security/CVE-2024-38441 -

05 Aug 2024, 17:35

Type Values Removed Values Added
CWE CWE-120 CWE-193

03 Jul 2024, 02:05

Type Values Removed Values Added
CWE CWE-120
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

30 Jun 2024, 12:15

Type Values Removed Values Added
References
  • () https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q -
  • () https://netatalk.io/security/CVE-2024-38441 -
Summary (en) Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. (en) Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.

19 Jun 2024, 15:16

Type Values Removed Values Added
References
  • () https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333 -
Summary (en) Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afp/directory.c. (en) Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c.

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Netatalk 3.2.0 tiene un error uno por uno y el resultado es un desbordamiento del búfer basado en el montón debido a la configuración de ibuf[len] en '\0' en FPMapName en afp_mapname en etc/afp/directory.c.

16 Jun 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-16 13:15

Updated : 2025-11-03 22:17

NVD link : CVE-2024-38441

Mitre link : CVE-2024-38441

CVE.ORG link : CVE-2024-38441

JSON object : View

Products Affected

netatalk

  • netatalk
CWE
CWE-193

Off-by-one Error