Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (7)
| Vulnerability |
Summary |
Aliases |
|
VCID-4ufj-j1bk-97g2
|
Multiple vulnerabilities have been found in atftp, the worst of
which could result in the execution of arbitrary code.
|
CVE-2019-11365
|
|
VCID-8gv8-qwdd-5fd2
|
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.
|
CVE-2021-41054
|
|
VCID-jw1r-x7s2-tkdj
|
Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function.
|
CVE-2004-1485
|
|
VCID-nezw-twkd-8qaf
|
Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename.
|
CVE-2003-0380
|
|
VCID-p7hs-4pdm-2qcw
|
options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.
|
CVE-2021-46671
|
|
VCID-qyq7-c3vf-bbew
|
Multiple vulnerabilities have been found in atftp, the worst of
which could result in the execution of arbitrary code.
|
CVE-2019-11366
|
|
VCID-r2dj-7m5m-7fgq
|
An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.
|
CVE-2020-6097
|