{"dataType":"CVE_RECORD","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2024-38440","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2025-11-03T21:55:37.999Z","dateReserved":"2024-06-16T00:00:00.000Z","datePublished":"2024-06-16T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2024-06-30T11:46:48.612Z"},"descriptions":[{"lang":"en","value":"Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: \"afpd\", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=, ibuf=0x62d000010424 \"\", ibuflen=0xffffffffffff0015, rbuf=, rbuflen=) ... afp_over_dsi(obj=0x5555556154c0 ).' 2.4.1 and 3.1.19 are also fixed versions."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://github.com/Netatalk/netatalk/issues/1097"},{"url":"https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_dhx_pam.c#L199-L200"},{"url":"https://github.com/Netatalk/netatalk/security/advisories/GHSA-mxx4-9fhm-r3w5"},{"url":"https://netatalk.io/security/CVE-2024-38440"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"title":"CVE Program Container","references":[{"url":"https://github.com/Netatalk/netatalk/issues/1097","tags":["x_transferred"]},{"url":"https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_dhx_pam.c#L199-L200","tags":["x_transferred"]},{"url":"https://github.com/Netatalk/netatalk/security/advisories/GHSA-mxx4-9fhm-r3w5","tags":["x_transferred"]},{"url":"https://netatalk.io/security/CVE-2024-38440","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:55:37.999Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-193","lang":"en","description":"CWE-193 Off-by-one Error"}]}],"affected":[{"vendor":"netatalk","product":"netatalk","cpes":["cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"3.2.1","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-08-05T16:58:42.371385Z","id":"CVE-2024-38440","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-05T17:00:08.308Z"}}]},"dataVersion":"5.2"}