A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPTATTNQUANT switch case to fall through into DSIOPTSERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI session options.
{
"binaries": [
{
"binary_name": "a2boot",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "atalkd",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "libatalk",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "macipgw",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "netatalk",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "netatalk-tests",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "netatalk-tools",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "papd",
"binary_version": "4.2.3~ds-1"
},
{
"binary_name": "timelord",
"binary_version": "4.2.3~ds-1"
}
]
}{
"binaries": [
{
"binary_name": "a2boot",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "atalkd",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "libatalk",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "macipgw",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "netatalk",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "netatalk-tests",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "netatalk-tools",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "papd",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
},
{
"binary_name": "timelord",
"binary_version": "4.2.3~ds-2.1ubuntu0.2"
}
]
}