CVE-2024-38441

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.

Published: Jun 16, 2024
Updated: May 2, 2025
CVE: CVE-2024-38441
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
netatalk / netatalk	3.2.0	3.2.0.x
netatalk / netatalk	2.0.0	2.4.1
netatalk / netatalk	3.0	3.1.19

https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333
https://github.com/Netatalk/netatalk/issues/1098
https://github.com/Netatalk/netatalk/security/advisories/GHSA-mj6v-cr68-mj9q
https://netatalk.io/security/CVE-2024-38441

Vulnerability Database

289,697

CVE-2024-38441