An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-20T12:57:45
Updated: 2020-09-28T17:06:24
Reserved: 2019-04-20T00:00:00
Link: CVE-2019-11365
JSON object: View
NVD Information
Status : Modified
Published: 2019-04-20T13:29:00.510
Modified: 2020-09-28T18:15:13.333
Link: CVE-2019-11365
JSON object: View
Redhat Information
No data.
CWE