cbcvebase.
CVE-2006-0328
published 2006-01-21

Priority: P4 24 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 7.40% (93.7th percentile)
Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.

Affected

1 range
Vendor | Product | Version range | Fixed in
philippe_jounin | tftpd32 | |

Detection & IOCs (extracted from sources)

port: 69/udp
command: %.1000x
bytes: \x00\x01
bytes: \x6F\x63\x74\x65\x74\x00
  • Detect TFTP GET requests (opcode 0x0001) containing format string specifiers (e.g., '%x', '%n', '%s') in the filename field on UDP port 69.
  • TFTP packet beginning with opcode bytes \x00\x01 (GET/RRQ) followed by a filename field containing '%.1000x' or similar format string patterns should be flagged as exploitation attempts.
  • Monitor UDP port 69 traffic for TFTP RRQ or WRQ packets where the filename field contains '%' characters, which are not valid in normal TFTP filenames.
  • The PoC targets localhost (127.0.0.1); in real attacks the destination would be the remote Tftpd32 host. Ensure detection rules are not scoped only to loopback traffic.
  • Vulnerability is confirmed only in Tftpd32 version 2.81; other versions may or may not be affected.
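
The detection notes above, as an added example (not taken from the sources or from Tftpd32): a Python check that parses a UDP/69 payload as a TFTP read or write request and classifies the filename field. The function name `inspect_tftp`, the verdict strings and the sample payloads are assumptions made for this illustration; the WRQ opcode 2 comes from RFC 1350, not from the page.

```python
import re
import struct

# printf-style conversion: % [flags] [width] [.precision] [length] conversion
FMT_SPEC = re.compile(
    rb"%[-+ #0]*\d*(?:\.\d*)?(?:hh|h|ll|l|L|j|z|t)?[diouxXeEfgGcspn]"
)
OPCODES = {1: "RRQ", 2: "WRQ"}  # RFC 1350 read (GET) / write (SEND) requests


def inspect_tftp(payload: bytes):
    """Classify one UDP/69 payload; returns (verdict, opcode_name, filename).

    verdict is "format-specifier", "percent-char", "clean",
    "malformed" (request without a NUL-terminated filename) or
    "ignored" (not a read/write request).
    """
    if len(payload) < 4:
        return ("ignored", None, None)
    (opcode,) = struct.unpack("!H", payload[:2])
    name = OPCODES.get(opcode)
    if name is None:
        return ("ignored", None, None)
    end = payload.find(b"\x00", 2)  # filename runs up to the first NUL
    if end == -1:
        return ("malformed", name, None)
    filename = payload[2:end]
    if FMT_SPEC.search(filename):
        return ("format-specifier", name, filename)
    if b"%" in filename:  # lower-confidence signal: bare '%' only
        return ("percent-char", name, filename)
    return ("clean", name, filename)


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    b"\x00\x01" + b"boot/pxelinux.0\x00" + b"octet\x00",
    b"\x00\x01" + b"%.1000x\x00" + b"octet\x00",
    b"\x00\x02" + b"upload%s%n.bin\x00" + b"octet\x00",
    b"\x00\x01" + b"50%_off.bin\x00" + b"netascii\x00",
    b"\x00\x03\x00\x01" + b"%x inside a DATA block",
    b"\x00\x01" + b"no-terminator",
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(inspect_tftp(pkt))
```

Separating "format-specifier" from "percent-char" lets a rule alert on the first and merely log the second, since a bare '%' can appear in a harmless filename.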