A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data.
4.1.2~ds-44.2.1~ds-14.2.3~ds-14.2.3~ds-2.1ubuntu0.13.1.12~ds-4ubuntu0.20.04.4+esm13.1.12~ds-9ubuntu0.22.04.4+esm13.1.18~ds-1ubuntu0.1~esm2Exploitability
AV:NAC:HPR:LUI:NScope
S:UImpact
C:HI:HA:HCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H