CVE-2023-0887

Published: Feb 17, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The associated identifier of this vulnerability is VDB-221351.

Affected (1)

Products: Tftpd64 Project: Tftpd64

Tftpd64 Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tftpd64 Project Tftpd64	Version 4.64

Related CWEs

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (4)

https://vuldb.com/?ctiid.221351

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.221351

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?ctiid.221351

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.221351

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.