A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data.
{
"binaries": [
{
"binary_name": "a2boot",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "atalkd",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "libatalk",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "macipgw",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "netatalk",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "netatalk-tests",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "netatalk-tools",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "papd",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "timelord",
"binary_version": "4.2.3~ds-1"
}
]
}{
"binaries": [
{
"binary_name": "a2boot",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "atalkd",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "libatalk",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "macipgw",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "netatalk",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "netatalk-tests",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "netatalk-tools",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "papd",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "timelord",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
}
]
}