CVE-2019-11366
published 2019-04-20CVE-2019-11366: An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result…
PriorityP427medium5.9CVSS 3.0
AVNACHPRNUINSUCNINAH
EPSS
2.10%
79.4th percentile
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atftp_project | atftp | — | — |
| atftp_project | atftp | >= 0 < 0.7.git20120829-3.1 | 0.7.git20120829-3.1 |
| atftp_project | atftp | >= 0 < 0.7.git20120829-3.1 | 0.7.git20120829-3.1 |
| atftp_project | atftp | >= 0 < 0.7.git20120829-3.1 | 0.7.git20120829-3.1 |
| atftp_project | atftp | >= 0 < 0.7.git20120829-3.1 | 0.7.git20120829-3.1 |
| atftp_project | atftp | >= 0 < 0.7.git20120829-3.1~0.16.04.1 | 0.7.git20120829-3.1~0.16.04.1 |
| atftp_project | atftp | >= 0 < 0.7.git20120829-3.1~0.18.04.1 | 0.7.git20120829-3.1~0.18.04.1 |
| debian | atftp | < atftp 0.7.git20120829-3.1 (bookworm) | atftp 0.7.git20120829-3.1 (bookworm) |
CVSS provenance
nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian5.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4hq6-rhmw-hgw9: An issue was discovered in atftpd in atftp 0
ghsa_unreviewed·2022-05-24
CVE-2019-11366 [MEDIUM] GHSA-4hq6-rhmw-hgw9: An issue was discovered in atftpd in atftp 0
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.
OSV
atftp vulnerabilities
osv·2020-11-24·CVSS 9.8
CVE-2019-11365 [CRITICAL] atftp vulnerabilities
atftp vulnerabilities
It was discovered that atftp's FTP server did not properly handler certain
input. An attacker could use this to to cause a denial of service (crash)
or possibly execute arbitrary code. (CVE-2019-11365)
It was discovered that atftp's FTP server did not make proper use of
mutexes when locking certain data structures. An attacker could use this to
cause a denial of service via a NULL pointer dereference. (CVE-2019-11366)
OSV
atftp vulnerabilities
osv·2020-09-24·CVSS 9.8
CVE-2019-11365 [CRITICAL] atftp vulnerabilities
atftp vulnerabilities
Denis Andzakovic discovered that atftpd incorrectly handled certain
malformed packets. A remote attacker could send a specially crafted packet
to cause atftpd to crash, resulting in a denial of service.
(CVE-2019-11365)
Denis Andzakovic discovered that atftpd did not properly lock the thread
list mutex. An attacker could send a large number of tftpd packets
simultaneously when running atftpd in daemon mode to cause atftpd to
crash, resulting in a denial of service. (CVE-2019-11366)
OSV
CVE-2019-11366: An issue was discovered in atftpd in atftp 0
osv·2019-04-20·CVSS 5.9
CVE-2019-11366 [MEDIUM] CVE-2019-11366: An issue was discovered in atftpd in atftp 0
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.
Ubuntu
atftp vulnerabilities
vendor_ubuntu·2020-11-24·CVSS 9.8
CVE-2019-11366 [CRITICAL] atftp vulnerabilities
Title: atftp vulnerabilities
Summary: atftp could be made to crash or run programs if it received
specially crafted network traffic.
It was discovered that atftp's FTP server did not properly handler certain
input. An attacker could use this to to cause a denial of service (crash)
or possibly execute arbitrary code. (CVE-2019-11365)
It was discovered that atftp's FTP server did not make proper use of
mutexes when locking certain data structures. An attacker could use this to
cause a denial of service via a NULL pointer dereference. (CVE-2019-11366)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
atftpd vulnerabilities
vendor_ubuntu·2020-09-24·CVSS 9.8
CVE-2019-11365 [CRITICAL] atftpd vulnerabilities
Title: atftpd vulnerabilities
Summary: Several security issues were fixed in atftpd.
Denis Andzakovic discovered that atftpd incorrectly handled certain
malformed packets. A remote attacker could send a specially crafted packet
to cause atftpd to crash, resulting in a denial of service.
(CVE-2019-11365)
Denis Andzakovic discovered that atftpd did not properly lock the thread
list mutex. An attacker could send a large number of tftpd packets
simultaneously when running atftpd in daemon mode to cause atftpd to
crash, resulting in a denial of service. (CVE-2019-11366)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2019-11366: atftp - An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_li...
vendor_debian·2019·CVSS 5.9
CVE-2019-11366 [MEDIUM] CVE-2019-11366: atftp - An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_li...
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.
Scope: local
bookworm: resolved (fixed in 0.7.git20120829-3.1)
bullseye: resolved (fixed in 0.7.git20120829-3.1)
forky: resolved (fixed in 0.7.git20120829-3.1)
sid: resolved (fixed in 0.7.git20120829-3.1)
trixie: resolved (fixed in 0.7.git20120829-3.1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://lists.debian.org/debian-lts-announce/2019/05/msg00012.htmlhttps://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilitieshttps://seclists.org/bugtraq/2019/May/16https://security.gentoo.org/glsa/202003-14https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/https://usn.ubuntu.com/4540-1/https://www.debian.org/security/2019/dsa-4438https://lists.debian.org/debian-lts-announce/2019/05/msg00012.htmlhttps://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilitieshttps://seclists.org/bugtraq/2019/May/16https://security.gentoo.org/glsa/202003-14https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/https://usn.ubuntu.com/4540-1/https://www.debian.org/security/2019/dsa-4438
2019-04-20
Published