CVE-2019-11365
published 2019-04-20CVE-2019-11365: An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely…
PriorityP355critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
4.29%
89.9th percentile
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atftp_project | atftp | — | — |
| atftp_project | atftp | >= 0 < 0.7.git20120829-3.1 | 0.7.git20120829-3.1 |
| atftp_project | atftp | >= 0 < 0.7.git20120829-3.1 | 0.7.git20120829-3.1 |
| atftp_project | atftp | >= 0 < 0.7.git20120829-3.1 | 0.7.git20120829-3.1 |
| atftp_project | atftp | >= 0 < 0.7.git20120829-3.1 | 0.7.git20120829-3.1 |
| atftp_project | atftp | >= 0 < 0.7.git20120829-3.1~0.16.04.1 | 0.7.git20120829-3.1~0.16.04.1 |
| atftp_project | atftp | >= 0 < 0.7.git20120829-3.1~0.18.04.1 | 0.7.git20120829-3.1~0.18.04.1 |
| debian | atftp | < atftp 0.7.git20120829-3.1 (bookworm) | atftp 0.7.git20120829-3.1 (bookworm) |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_ubuntu9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4g6j-v9hp-3h66: An issue was discovered in atftpd in atftp 0
ghsa_unreviewed·2022-05-24
CVE-2019-11365 [CRITICAL] GHSA-4g6j-v9hp-3h66: An issue was discovered in atftpd in atftp 0
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.
OSV
atftp vulnerabilities
osv·2020-11-24·CVSS 9.8
CVE-2019-11365 [CRITICAL] atftp vulnerabilities
atftp vulnerabilities
It was discovered that atftp's FTP server did not properly handler certain
input. An attacker could use this to to cause a denial of service (crash)
or possibly execute arbitrary code. (CVE-2019-11365)
It was discovered that atftp's FTP server did not make proper use of
mutexes when locking certain data structures. An attacker could use this to
cause a denial of service via a NULL pointer dereference. (CVE-2019-11366)
OSV
atftp vulnerabilities
osv·2020-09-24·CVSS 9.8
CVE-2019-11365 [CRITICAL] atftp vulnerabilities
atftp vulnerabilities
Denis Andzakovic discovered that atftpd incorrectly handled certain
malformed packets. A remote attacker could send a specially crafted packet
to cause atftpd to crash, resulting in a denial of service.
(CVE-2019-11365)
Denis Andzakovic discovered that atftpd did not properly lock the thread
list mutex. An attacker could send a large number of tftpd packets
simultaneously when running atftpd in daemon mode to cause atftpd to
crash, resulting in a denial of service. (CVE-2019-11366)
OSV
CVE-2019-11365: An issue was discovered in atftpd in atftp 0
osv·2019-04-20·CVSS 9.8
CVE-2019-11365 [CRITICAL] CVE-2019-11365: An issue was discovered in atftpd in atftp 0
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.
Ubuntu
atftp vulnerabilities
vendor_ubuntu·2020-11-24·CVSS 9.8
CVE-2019-11366 [CRITICAL] atftp vulnerabilities
Title: atftp vulnerabilities
Summary: atftp could be made to crash or run programs if it received
specially crafted network traffic.
It was discovered that atftp's FTP server did not properly handler certain
input. An attacker could use this to to cause a denial of service (crash)
or possibly execute arbitrary code. (CVE-2019-11365)
It was discovered that atftp's FTP server did not make proper use of
mutexes when locking certain data structures. An attacker could use this to
cause a denial of service via a NULL pointer dereference. (CVE-2019-11366)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
atftpd vulnerabilities
vendor_ubuntu·2020-09-24·CVSS 9.8
CVE-2019-11365 [CRITICAL] atftpd vulnerabilities
Title: atftpd vulnerabilities
Summary: Several security issues were fixed in atftpd.
Denis Andzakovic discovered that atftpd incorrectly handled certain
malformed packets. A remote attacker could send a specially crafted packet
to cause atftpd to crash, resulting in a denial of service.
(CVE-2019-11365)
Denis Andzakovic discovered that atftpd did not properly lock the thread
list mutex. An attacker could send a large number of tftpd packets
simultaneously when running atftpd in daemon mode to cause atftpd to
crash, resulting in a denial of service. (CVE-2019-11366)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2019-11365: atftp - An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a c...
vendor_debian·2019·CVSS 9.8
CVE-2019-11365 [CRITICAL] CVE-2019-11365: atftp - An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a c...
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.
Scope: local
bookworm: resolved (fixed in 0.7.git20120829-3.1)
bullseye: resolved (fixed in 0.7.git20120829-3.1)
forky: resolved (fixed in 0.7.git20120829-3.1)
sid: resolved (fixed in 0.7.git20120829-3.1)
trixie: resolved (fixed in 0.7.git20120829-3.1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://lists.debian.org/debian-lts-announce/2019/05/msg00012.htmlhttps://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilitieshttps://seclists.org/bugtraq/2019/May/16https://security.gentoo.org/glsa/202003-14https://sourceforge.net/p/atftp/code/ci/abed7d245d8e8bdfeab24f9f7f55a52c3140f96b/https://usn.ubuntu.com/4540-1/https://www.debian.org/security/2019/dsa-4438https://lists.debian.org/debian-lts-announce/2019/05/msg00012.htmlhttps://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilitieshttps://seclists.org/bugtraq/2019/May/16https://security.gentoo.org/glsa/202003-14https://sourceforge.net/p/atftp/code/ci/abed7d245d8e8bdfeab24f9f7f55a52c3140f96b/https://usn.ubuntu.com/4540-1/https://www.debian.org/security/2019/dsa-4438
2019-04-20
Published