Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2020-6097 - log back

CVE-2020-6097 edited at 01 Jan 2021 23:15:53

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Denial of service

Description

+

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.2. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

References

+	https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
+	https://sourceforge.net/u/peterkaestle/atftp/ci/96409ef3b9ca061f9527cfaafa778105cf15d994/

Notes

CVE-2020-6097 created at 01 Jan 2021 23:13:59