← Back

CVE-2020-6097

nvd nist
Published: Sep 10, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

Affected (3)

Atftp Project
1 product
Atftp
Debian
1 product
Debian Linux
Opensuse
1 product
Leap
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Atftp
Version 0.7.git20120829-3.1+b1
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Leap
Version 15.2

Related CWEs

CWE-617
Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (6)

Source: talos-cna@cisco.com
Mailing ListThird Party Advisory
Source: talos-cna@cisco.com
Mailing ListThird Party Advisory
Source: talos-cna@cisco.com
ExploitTechnical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.