Integer underflow in Netatalk - CVE-2026-44060
Published: July 12, 2026
Netatalk
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to integer underflow in dsi_writeinit() when processing a crafted DSI packet with dsi_doff greater than dsi_len. A remote attacker can send a specially crafted DSI packet to cause a denial of service.
When exploited through the authenticated DSIFUNC_WRITE path, the issue can also consume significant disk space by splicing attacker-controlled socket data into a file. Pre-authentication exploitation requires chaining with the DSI protocol desynchronization vulnerability.