CVE-2013-0145
Published 2013-05-20
CVE-2013-0145: Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code…
Priority P4 · 31 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS 8.87% · 94.6th percentile
Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vercot | serva | — | — |
| vercot | serva32 | — | — |
GHSA
GHSA-f75j-x47q-5w7j: Buffer overflow in the TFTPD service in Serva32 2
ghsa_unreviewed·2022-05-05
CVE-2013-0145 [MEDIUM] CWE-119 GHSA-f75j-x47q-5w7j: Buffer overflow in the TFTPD service in Serva32 2
Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request.
GHSA
GHSA-vj55-m9gh-hjm2: Serva 4
ghsa_unreviewed·2021-12-01·CVSS 5.0
CVE-2021-44429 [MEDIUM] CWE-120 GHSA-vj55-m9gh-hjm2: Serva 4
Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145.
No detection rules found.
Bugzilla
CVE-2013-0754 Mozilla: Use-after-free in ListenerManager (MFSA 2013-17)
bugzilla·2013-01-05·CVSS 9.3
CVE-2013-0754 [CRITICAL] CVE-2013-0754 Mozilla: Use-after-free in ListenerManager (MFSA 2013-17)
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary code execution.
External Reference:
http://www.mozilla.org/security/announce/2013/mfsa2013-17.html
Acknowledgements:
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2013:0145 https://rhn.redhat.com/errata/RHSA-20
Bugzilla
CVE-2013-0753 Mozilla: Use-after-free in serializeToStream (MFSA 2013-16)
bugzilla·2013-01-05·CVSS 9.3
CVE-2013-0753 [CRITICAL] CVE-2013-0753 Mozilla: Use-after-free in serializeToStream (MFSA 2013-16)
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative a use-after-free in XMLSerializer by the exposing of serializeToStream to web content. This can lead to arbitrary code execution when exploited.
External Reference:
http://www.mozilla.org/security/announce/2013/mfsa2013-16.html
Acknowledgements:
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2013:0145 https://rhn.redhat.com/errata/RHSA-2013-0145.html
---
This issue has been addressed in the following products:
Red Hat E
Published 2013-05-20