atftp

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Client/server implementation of the TFTP protocol that implements RFCs 1350, 2090, 2347, 2348, and 2349
Version 0.7.5-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2381 0.7.4-1 0.7.5-1 Medium Fixed
AVG-1395 0.7.2-2 0.7.2-3 Medium Fixed FS#69175
Issue Group Severity Remote Type Description
CVE-2021-41054 AVG-2381 Medium Yes Arbitrary code execution
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.
CVE-2020-6097 AVG-1395 Medium Yes Denial of service
An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.2. A specially crafted sequence of RRQ-Multicast...

Advisories

Date Advisory Group Severity Type
12 Jan 2021 ASA-202101-24 AVG-1395 Medium denial of service