CVE-2024-38440 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-38440 Interim 1 9 2025-02-16T01:09:16Z current 2024-06-17T23:09:43Z 2025-02-16T01:09:16Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-38440 Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=<optimized out>, ibuf=0x62d000010424 "", ibuflen=0xffffffffffff0015, rbuf=<optimized out>, rbuflen=<optimized out>) ... afp_over_dsi(obj=0x5555556154c0 <obj>).' 2.4.1 and 3.1.19 are also fixed versions. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-updates/2024-July/035825.html E-Mail link for SUSE-SU-2024:2301-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 libatalk0-3.1.18-3.25.1 netatalk-3.1.18-3.25.1 netatalk-devel-3.1.18-3.25.1 libatalk0-3.1.18-3.25.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 netatalk-3.1.18-3.25.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 netatalk-devel-3.1.18-3.25.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libatalk0-3.1.18-3.25.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 netatalk-3.1.18-3.25.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 netatalk-devel-3.1.18-3.25.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=<optimized out>, ibuf=0x62d000010424 "", ibuflen=0xffffffffffff0015, rbuf=<optimized out>, rbuflen=<optimized out>) ... afp_over_dsi(obj=0x5555556154c0 <obj>).' 2.4.1 and 3.1.19 are also fixed versions. CVE-2024-38440 SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk0-3.1.18-3.25.1 SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.18-3.25.1 SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.18-3.25.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk0-3.1.18-3.25.1 SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-3.1.18-3.25.1 SUSE Linux Enterprise Workstation Extension 12 SP5:netatalk-devel-3.1.18-3.25.1 important 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L