5 results (0.011 seconds)

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1

options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. El archivo options.c en atftp versiones anteriores a 0.7.5, lee más allá del final de un array, y en consecuencia revela datos de /etc/group del lado del servidor a un cliente remoto • https://bugs.debian.org/1004974 https://lists.debian.org/debian-lts-announce/2022/05/msg00040.html https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options. el archivo tftpd_file.c en atftp versiones hasta 0.7.4, presenta un desbordamiento de búfer porque el manejo del tamaño del búfer no considera apropiadamente la combinación de datos, OACK y otras opciones • https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41054 https://lists.debian.org/debian-lts-announce/2021/11/msg00014.html https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio explotable en la funcionalidad del demonio de atftpd de atftp versión 0.7.git20120829-3.1+b1. Una secuencia especialmente diseñada de peticiones RRQ-Multicast desencadena una llamada a la función assert() que resulta en una denegación de servicio. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00058.html https://lists.debian.org/debian-lts-announce/2021/11/msg00014.html https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029 • CWE-617: Reachable Assertion •

CVSS: 5.9EPSS: 2%CPEs: 1EXPL: 1

An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next. Fue encontrado un problema en atftpd en atftp versión 0.7.1. • https://lists.debian.org/debian-lts-announce/2019/05/msg00012.html https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities https://seclists.org/bugtraq/2019/May/16 https://security.gentoo.org/glsa/202003-14 https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580 https://usn.ubuntu.com/4540-1 https://www.debian.org/security/2019/dsa-4438 • CWE-476: NULL Pointer Dereference •

CVSS: 9.8EPSS: 29%CPEs: 1EXPL: 1

An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c. Fue encontrado un problema en atftpd en atftp versión 0.7.1. • https://lists.debian.org/debian-lts-announce/2019/05/msg00012.html https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities https://seclists.org/bugtraq/2019/May/16 https://security.gentoo.org/glsa/202003-14 https://sourceforge.net/p/atftp/code/ci/abed7d245d8e8bdfeab24f9f7f55a52c3140f96b https://usn.ubuntu.com/4540-1 https://www.debian.org/security/2019/dsa-4438 • CWE-787: Out-of-bounds Write •