Vulnerabilities > CVE-2020-6097 - Reachable Assertion vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

NVD

Published: 2020-09-10

Updated: 2022-05-12

Summary

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Atftp_Project Atftp Project Atftp 0.7.Git20120829-3.1\+B1	1
OS	Debian Debian Debian Linux 9.0	1
OS	Opensuse Opensuse Leap 15.2	1

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00058.html
https://lists.debian.org/debian-lts-announce/2021/11/msg00014.html