Lucene search
+L
Atftp ProjectAtftp

5 matches found

cve
cve
added 2020/09/10 2:13 p.m.159 views

CVE-2020-6097

CVE-2020-6097 affects atftp’s atftpd daemon; a crafted RRQ-Multicast sequence can trigger an assert() and crash, causing DoS. Public details in Debian DLA-2820-1 (fix in atftp 0.7.git20120829-3.1~deb9u2) and Ubuntu/Debian advisories confirm. Remediation: upgrade atftp to the patched package versi...

7.5CVSS7.1AI score0.02399EPSS
cve
cve
added 2019/04/20 12:57 p.m.118 views

CVE-2019-11365

CVE-2019-11365 is a vulnerability in atftpd/atftp 0.7.1 where a crafted error packet (3 bytes or fewer) can trigger a stack-based buffer overflow due to an insecure strncpy in multiple files (tftpd_file.c, tftp_file.c, tftpd_mtftp.c, tftp_mtftp.c). Public advisories (Ubuntu, SUSE, OpenVAS/Nessus)...

9.8CVSS9.4AI score0.04288EPSS
cve
cve
added 2021/09/13 8:43 p.m.111 views

CVE-2021-41054

CVE-2021-41054 affects atftp up to version 0.7.4, with a buffer overflow in tftpd_file.c caused by buffer-size handling that fails to properly account for data, OACK, and other options. Connected advisories across Debian, SUSE, Photon OS, and Astra Linux confirm the issue and reference a remediat...

7.5CVSS7.7AI score0.02581EPSS
cve
cve
added 2022/02/04 8:13 p.m.98 views

CVE-2021-46671

Summary: CVE-2021-46671 affects atftp; options.c reads past the end of an array, causing disclosure of server-side /etc/group data to a remote client. This affects atftp versions before 0.7.5. Impact: remote information disclosure (server data) without authentication; no exploitation details prov...

5.3CVSS5.3AI score0.01356EPSS
cve
cve
added 2019/04/20 12:58 p.m.87 views

CVE-2019-11366

The connected sources confirm CVE-2019-11366 and CVE-2019-11365 affecting atftp/atftpd. The root cause is failure to lock the thread_list_mutex before assigning thread_data, enabling a race that can lead to a NULL pointer dereference and a crash, with potential arbitrary code execution in some co...

5.9CVSS6.9AI score0.02098EPSS