Integer underflow in Netatalk - CVE-2026-45355
Published: July 12, 2026
Netatalk
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information and cause a denial of service.
The vulnerability exists due to integer underflow in sl_unpack_cpx when processing Spotlight RPC string unmarshalling fields. A remote user can send a specially crafted Spotlight RPC request to disclose sensitive information and cause a denial of service.
The issue occurs when a negative signed string length is implicitly cast to an unsigned size_t value, leading to a massive heap out-of-bounds read. The vulnerable request is reachable through a post-auth AFP command, and the UTF-16 string path may expose more memory than the plain string path.