Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names.
4.1.2~ds-44.2.1~ds-14.2.3~ds-14.2.3~ds-2.1ubuntu0.22.2.2-1ubuntu2.2+esm42.2.5-1ubuntu0.2+esm42.2.6-1ubuntu0.18.04.2+esm43.1.12~ds-4ubuntu0.20.04.4+esm23.1.12~ds-9ubuntu0.22.04.4+esm23.1.18~ds-1ubuntu0.1~esm3Exploitability
AV:NAC:LPR:LUI:NScope
S:UImpact
C:LI:HA:LCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L