CVE-2026-44065 PUBLISHED

Off-by-two in papd lp_write()

Assigner: securin
Reserved: 05.05.2026 Published: 21.05.2026 Updated: 21.05.2026

An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data.

Metrics

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
CVSS Score: 3.7

Product Status

Vendor Netatalk
Product Netatalk
Versions Default: unaffected
  • affected from 2.0.0 to 4.4.2 (incl.)
  • Version 4.5.0 is unaffected

Credits

  • Arjun Basnet from Securin finder

References

Problem Types

  • Off-by-one Error CWE