What the vulnerability does

01Description

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

Key dates

02Disclosure timeline

December 20, 2018 CVE published
February 13, 2026 Record updated