Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
445
VMScore

CVE-2020-6097

Published: 10/09/2020 Updated: 12/05/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Atftp

Vulnerability Summary

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

atftp project atftp 0.7.git20120829-3.1\\+b1

debian debian linux 9.0

opensuse leap 15.2

Vendor Advisories

Debian CVElist Bug Report Logs: atftp: CVE-2020-6097
Debian Bug report logs - #970066 atftp: CVE-2020-6097 Package: src:atftp; Maintainer for src:atftp is Ludovic Drolez <ldrolez@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 11 Sep 2020 05:15:02 UTC Severity: important Tags: security, upstream Found in version atftp/07git20120829-31 ...
Arch Linux Issues:
An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 072 A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service An attacker can send a sequence of malicious packets to trigger this vulnerability ...

References

CWE-617https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00058.htmlhttps://lists.debian.org/debian-lts-announce/2021/11/msg00014.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970066https://nvd.nist.govhttps://security.archlinux.org/CVE-2020-6097
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook