Netatalk Security Advisory
| Subject | Off-by-two in papd lp_write() |
|---|---|
| CVE ID# | CVE-2026-44065 |
| Severity | Low |
| Disclosure Date | 2026/05/13 |
| Affected Versions | 2.0.0 - 4.4.2 |
| Summary | Printer data handling can write one byte and then two bytes beyond a temporary buffer |
Description
Legacy AppleTalk printing support can overrun a temporary buffer under a narrow translated-input condition. The issue is remotely reachable only when the affected printing configuration is enabled; denial of service is the most likely practical impact.
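The description above points at a classic shape of bug: a check written against the one input byte rather than the translated output. As an added illustration in C (not Netatalk's papd code), the routine below copies print-job bytes through a small temporary buffer where an assumed CR-to-CRLF translation can turn one input byte into two output bytes, and it bounds-checks the translated length before every write. The buffer size, the translation rule and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical temporary buffer; 8 bytes is an assumed size, chosen small
 * so the expansion case is easy to trace. */
#define TMPBUF_SIZE 8

struct tmpbuf {
    char data[TMPBUF_SIZE];
    size_t len;      /* bytes currently queued in data[] */
    size_t flushed;  /* bytes already handed downstream (simulated) */
};

/* Assumed translation: a bare CR expands to CR LF. Returns 1 or 2. */
static size_t translate(char in, char out[2]) {
    if (in == '\r') { out[0] = '\r'; out[1] = '\n'; return 2; }
    out[0] = in;
    return 1;
}

/* Stand-in for handing the buffer to the printer: just counts bytes. */
static void flush(struct tmpbuf *b) { b->flushed += b->len; b->len = 0; }

/* Copy n input bytes through the temporary buffer. The check uses the
 * translated length k, so a two-byte expansion at the end of the buffer
 * triggers a flush instead of spilling past data[TMPBUF_SIZE - 1].
 * Returns the number of output bytes produced. */
size_t write_translated(struct tmpbuf *b, const char *in, size_t n) {
    size_t produced = 0;
    for (size_t i = 0; i < n; i++) {
        char out[2];
        size_t k = translate(in[i], out);
        if (b->len + k > TMPBUF_SIZE)   /* not "b->len < TMPBUF_SIZE" */
            flush(b);
        memcpy(b->data + b->len, out, k);
        b->len += k;
        produced += k;
    }
    return produced;
}

/* Self-check on a constructed job: seven plain bytes followed by one CR,
 * which is exactly the position where a one-byte check would overrun.
 * Returns 1 when every invariant holds. */
int selfcheck(void) {
    struct tmpbuf b = {{0}, 0, 0};
    const char job[] = "aaaaaaa\r";          /* constructed sample input */
    size_t produced = write_translated(&b, job, 8);
    return produced == 9 && b.flushed == 7 && b.len == 2
        && b.data[0] == '\r' && b.data[1] == '\n';
}
```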
Patch Availability
Apply CVE-2026-44065.patch to a Netatalk 4.4.2 source tree to hotfix your local Netatalk deployment.
Alternatively, upgrade to Netatalk 4.5.0 or later, which includes the patch.
The Netatalk team does not encourage proactively applying the patch to existing deployments because of the low practical exploitability.
CVSS Calculation
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L (3.7)
Workaround
Do not run papd, or restrict AppleTalk printer service access to trusted clients until patched.
Credits
Vulnerability reported by:
@00redbeer
Patch developed by:
Daniel Markstedt of the Netatalk team