Netatalk Heap Out-of-Bounds Read Vulnerability in Spotlight RPC Unmarshalling

Vulnerability

A heap out-of-bounds read vulnerability affects Netatalk versions 3.1.0 up to, but not including, 4.4.2. The flaw is in the Spotlight RPC unmarshalling code, where the unmarshaller does not enforce the bounds of the request buffer. An authenticated client can trigger it to crash the afpd child process, exhaust resources, or read adjacent heap data. The out-of-bounds reads alone do not yield remote code execution, and the flaw can only be exploited, under certain conditions, when Spotlight is enabled.

Impact

Exploitation can crash the afpd child process, exhaust resources, or disclose adjacent heap data. It does not allow remote code execution.

Remediation

Users can upgrade to Netatalk 4.4.3 or later, which contains the fix; alternatively, the patch can be applied to a Netatalk 4.4.2 source tree. Netatalk administrators are also advised to disable Spotlight indexing in afp.conf so that the vulnerable code path cannot be reached.
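The following is an added example, not code from the advisory or from the Netatalk project. It checks the two remediation points above: whether an installed release is at or past the fixed version named here (4.4.3), and whether any section of afp.conf still enables Spotlight. It relies on the real afp.conf boolean option `spotlight` (valid in `[Global]` and per volume); the sample configuration, the function names and the line-based rewrite are my own constructions.

```python
import configparser
import re

# Constructed sample afp.conf (not taken from the advisory). "spotlight" is the
# real afp.conf boolean that turns Spotlight search on, globally or per volume.
WEAK_AFP_CONF = """\
[Global]
hostname = fileserver
spotlight = yes

[Homes]
basedir regex = /home

[Public]
path = /srv/public
spotlight = no

[Projects]
path = /srv/projects
"""

FIXED_RELEASE = (4, 4, 3)          # first release carrying the fix, per the advisory
TRUTHY = {"yes", "true", "1", "on"}  # afp.conf boolean spellings treated as "enabled"
SPOTLIGHT_LINE = re.compile(r"^(\s*)spotlight\s*=.*$", re.IGNORECASE)


def parse_version(version: str) -> tuple:
    """'4.4.3' -> (4, 4, 3); a packaging suffix such as '4.4.3-1' is ignored."""
    return tuple(int(p) for p in version.split("-")[0].split("."))


def is_patched_release(version: str) -> bool:
    """True when the release is 4.4.3 or later (the fixed release in this advisory)."""
    return parse_version(version) >= FIXED_RELEASE


def _parse(conf_text: str) -> configparser.ConfigParser:
    # afp.conf is INI-like: [Section] headers, "key = value", ';' or '#' comment lines.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(conf_text)
    return cp


def spotlight_enabled_sections(conf_text: str) -> list:
    """Names of every section ([Global] or a volume) whose own 'spotlight' value is truthy.

    The mitigation is to turn Spotlight off everywhere, so any explicit enable is
    reported without modelling global-versus-volume precedence."""
    cp = _parse(conf_text)
    return [s for s in cp.sections()
            if cp.get(s, "spotlight", fallback="no").strip().lower() in TRUTHY]


def disable_spotlight(conf_text: str) -> str:
    """Return afp.conf text with every 'spotlight = ...' forced to 'no' and an
    explicit 'spotlight = no' added under [Global] if that section lacks one.
    Comments, ordering and other keys are preserved line by line."""
    cp = _parse(conf_text)
    global_name = next((s for s in cp.sections() if s.lower() == "global"), None)
    global_has_key = global_name is not None and cp.has_option(global_name, "spotlight")

    out = []
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            out.append(line)
            if stripped[1:-1].strip().lower() == "global" and not global_has_key:
                out.append("spotlight = no")
            continue
        m = SPOTLIGHT_LINE.match(line)
        out.append(f"{m.group(1)}spotlight = no" if m else line)

    if global_name is None:
        out = ["[Global]", "spotlight = no", ""] + out
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for v in ("3.1.18", "4.4.2", "4.4.3"):
        print(f"netatalk {v}: {'patched' if is_patched_release(v) else 'needs upgrade or patch'}")
    print("sections enabling Spotlight:", spotlight_enabled_sections(WEAK_AFP_CONF))
    hardened = disable_spotlight(WEAK_AFP_CONF)
    print("after hardening:", spotlight_enabled_sections(hardened))
```

Run it against a copy of the live afp.conf (for example `open("/etc/netatalk/afp.conf").read()`, path assumed) to list the sections that still enable Spotlight; `disable_spotlight` produces the hardened text for review before it is written back, and the service must be restarted for the change to take effect.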

Added: May 21, 2026, 8:34 AM
Updated: May 21, 2026, 8:34 AM

Vulnerability Rating

Custom Algorithm

  spread          4.5
  impact          3.1
  exploitability  4.9
  remediation     8.3
  relevance       9.0
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.