Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-38440

EPSS 0.70% · P72
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-38440

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=<optimized out>, ibuf=0x62d000010424 "", ibuflen=0xffffffffffff0015, rbuf=<optimized out>, rbuflen=<optimized out>) ... afp_over_dsi(obj=0x5555556154c0 <obj>).' 2.4.1 and 3.1.19 are also fixed versions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Netatalk 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Netatalk是一款开源软件,为 Classic Mac OS 和 macOS 在 Unix-like OS 上提供 AFP 文件服务器功能。 Netatalk 3.2.0 版本存在安全漏洞,该漏洞源于etc/uams/uams_dhx_pam.c 中的 BN_bin2bn 错误使用 FPLoginExt,导致基于堆的缓冲区溢出。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2024-38440

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-38440

登录查看更多情报信息。

Same Patch Batch · n/a · 2024-06-16 · 23 CVEs total

CVE-2024-60396.3 MEDIUMFeng Office Workspaces sql injection
CVE-2024-384604.9 MEDIUMSonarSource SonarQube 安全漏洞
CVE-2024-38454Packet Tide ExpressionEngine 跨站脚本漏洞
CVE-2023-27636Progress Sitefinity 安全漏洞
CVE-2024-34451Ghost CMS 安全漏洞
CVE-2024-38465Shenzhen Guoxin Synthesis image system 安全漏洞
CVE-2024-38468Shenzhen Guoxin Synthesis Image System 安全漏洞
CVE-2024-38466Shenzhen Guoxin Synthesis image system 安全漏洞
CVE-2024-38467Shenzhen Guoxin Synthesis Image System 安全漏洞
CVE-2024-38396iTerm2 安全漏洞
CVE-2024-38427International Color Consortium DemoIccMAX 安全漏洞
CVE-2024-38395iTerm2 安全漏洞
CVE-2024-38462iRODS 安全漏洞
CVE-2024-38458XenForo 安全漏洞
CVE-2024-38428GNU Wget 安全漏洞
CVE-2024-38439Netatalk 安全漏洞
CVE-2024-38457XenForo 安全漏洞
CVE-2024-38443The Algorithms 安全漏洞
CVE-2024-38441Netatalk 安全漏洞
CVE-2024-38448GNU Global 安全漏洞

Showing top 20 of 23 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2024-38440

No comments yet

Leave a comment