Buffer overflow in tftp-hpa prior to 5.1 allows remote malicious users to cause a denial of service and possibly execute arbitrary code via the utimeout option.
h peter anvin tftp-hpa