atftp

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Client/server implementation of the TFTP protocol that implements RFCs 1350, 2090, 2347, 2348, and 2349
Version	0.8.0-4 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2381	0.7.4-1	0.7.5-1	Medium	Fixed
AVG-1395	0.7.2-2	0.7.2-3	Medium	Fixed	FS#69175

Issue	Group	Severity	Remote	Type	Description
CVE-2021-41054	AVG-2381	Medium	Yes	Arbitrary code execution	tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.
CVE-2020-6097	AVG-1395	Medium	Yes	Denial of service	An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.2. A specially crafted sequence of RRQ-Multicast...

Issue

Group

Severity

Remote

Type

Description

CVE-2021-41054

AVG-2381

Medium

Yes

Arbitrary code execution

tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.

CVE-2020-6097

AVG-1395

Medium

Yes

Denial of service

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.2. A specially crafted sequence of RRQ-Multicast...

Advisories

Date	Advisory	Group	Severity	Type
12 Jan 2021	ASA-202101-24	AVG-1395	Medium	denial of service