Integer underflow in Netatalk - CVE-2026-45698
Published: July 12, 2026
Netatalk
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary code or cause a denial of service.
The vulnerability exists due to integer underflow in deletedir() in the afpd daemon when processing file operations that cross a device boundary inside an AFP shared volume. A remote user can provide a crafted filename to trigger a stack-based buffer overflow and execute arbitrary code or cause a denial of service.
The overflow occurs because an unsigned remaining-size calculation wraps to SIZE_MAX, causing a subsequent bounds check to always evaluate as safe before strcpy() copies attacker-controlled data into a nearly full stack buffer.