← Back

Atftp

atftp

Vendor: Atftp Project • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-46671
2Atftp Project
Debian
2Atftp
Debian Linux
Nov 21, 2024
Feb 4, 2022
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.
CVE-2021-41054
2Atftp Project
Debian
2Atftp
Debian Linux
Nov 21, 2024
Sep 13, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.
CVE-2020-6097
3Atftp Project
DebianOpensuse
3Atftp
Debian LinuxLeap
Nov 21, 2024
Sep 10, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denia...Show more
An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.Show less
CVE-2019-11366
1Atftp Project
1Atftp
Nov 21, 2024
Apr 20, 2019
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due t...Show more
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.Show less
CVE-2019-11365
1Atftp Project
1Atftp
Nov 21, 2024
Apr 20, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by send...Show more
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.Show less