CVE-2011-2199

2012-07-2217:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-2199

buffer overflow

tftp-hpa

remote attackers

denial of service

execute arbitrary code

nvd

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.097 Low

EPSS

Percentile

94.7%

JSON

Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option.

CPENameOperatorVersion
h_peter_anvin:tftp-hpah peter anvin tftp-hpale5.0

CPE	Name	Operator	Version
h_peter_anvin:tftp-hpa	h peter anvin tftp-hpa	le	5.0

References

git.kernel.org/?p=network/tftp/tftp-hpa.git%3Ba=blob%3Bf=CHANGES%3Bh=6df0d97b1f6c99f49d65e9ff80aa7b847f0e21e1%3Bhb=badf05140d3c2408715a73a52c0f35887e337c04

git.kernel.org/?p=network/tftp/tftp-hpa.git%3Ba=commitdiff%3Bh=f3035c45bc50bb5cac87ca01e7ef6a12485184f8

security.gentoo.org/glsa/glsa-201206-12.xml

www.openwall.com/lists/oss-security/2011/06/13/11

www.pre-cert.de/advisories/PRE-SA-2011-05.txt

www.securityfocus.com/bid/48411