Netatalk Out-of-Bounds Access Vulnerability in ASP Session ID Handling

Vulnerability

A vulnerability allowing out-of-bounds access has been identified in Netatalk versions 1.3 through 4.4.2. This issue arises from legacy ASP/DDP session management, where an attacker-controlled session identifier is used as an array index without proper validation against the session table size. As a result, an unauthenticated network attacker could potentially crash the service. While reliable code execution is less certain, the possibility exists.
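
The index pattern the advisory describes, shown beside a bounds-checked lookup, as an added C illustration that is not Netatalk's code: the table size, struct layout and function names are constructed assumptions, and the width of the session ID field on the wire is not modelled.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed session table: size, layout and names are assumptions for
 * illustration, not Netatalk's real ASP/DDP data structures. */
#define SESSION_TABLE_SIZE 8

struct asp_session { bool in_use; char peer[32]; };
static struct asp_session session_table[SESSION_TABLE_SIZE];

/* Vulnerable pattern as the advisory describes it: the session ID from the
 * request indexes the table directly, so any ID >= the table size touches
 * memory outside it. Kept for contrast only; nothing below calls it. */
struct asp_session *lookup_session_unchecked(unsigned sid)
{
    return &session_table[sid];
}

/* Hardened lookup: reject IDs outside the table, and IDs whose slot holds no
 * open session so a stale or guessed ID cannot be reused. Returns NULL on
 * rejection and logs it, which also gives defenders something to alert on. */
struct asp_session *lookup_session(unsigned sid)
{
    if (sid >= SESSION_TABLE_SIZE) {
        fprintf(stderr, "asp: rejected out-of-range session id %u\n", sid);
        return NULL;
    }
    if (!session_table[sid].in_use) {
        fprintf(stderr, "asp: rejected unused session id %u\n", sid);
        return NULL;
    }
    return &session_table[sid];
}

/* Open a session in the first free slot; returns its index, or -1 if full. */
int open_session(const char *peer)
{
    for (unsigned i = 0; i < SESSION_TABLE_SIZE; i++) {
        if (!session_table[i].in_use) {
            session_table[i].in_use = true;
            snprintf(session_table[i].peer, sizeof(session_table[i].peer), "%s", peer);
            return (int)i;
        }
    }
    return -1;
}
```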

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the service to crash. Additionally, there is a potential, albeit uncertain, risk of arbitrary code execution.

Remediation

Users can upgrade to Netatalk version 4.4.3 or later, which includes the necessary patch. Alternatively, the patch can be applied to a Netatalk 4.4.2 source tree. Netatalk administrators are advised to take action as soon as possible.

Added: May 21, 2026, 8:35 AM
Updated: May 21, 2026, 8:35 AM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 4.3
remediation: 8.3
relevance: 9.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.