Published: 13/09/2021 Updated: 30/11/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 447

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

tftpd_file.c in atftp up to and including 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.

Vulnerable Product	Search on Vulmon	Subscribe to Product
atftp project atftp
debian debian linux 9.0

Debian Bug report logs - #994895 atftpd: buffer overflow, CVE-2021-41054 Package: atftpd; Maintainer for atftpd is Ludovic Drolez <ldrolez@debianorg>; Source for atftpd is src:atftp (PTS, buildd, popcon) Reported by: "Andreas B Mundt" <andi@debianorg> Date: Wed, 22 Sep 2021 18:51:02 UTC Severity: important Tags: ...

tftpd_filec in atftp through 074 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options ...

CWE-120 https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41054 https://lists.debian.org/debian-lts-announce/2021/11/msg00014.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994895 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-41054

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect