1.66

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

open-tftp-server-project

CWE-787

critical

NVD

Published: 2019-12-23

Updated: 2020-01-03

Summary

Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12567.

Vulnerable Configurations

Part	Description	Count
Application	Open_Tftp_Server_Project Open Tftp Server Project Open Tftp Server - Open Tftp Server Project Open Tftp Server 1.64 Open Tftp Server Project Open Tftp Server 1.66	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://sourceforge.net/p/tftp-server/discussion/550564/thread/a586ce62/