ID CVE-2019-11366
概要 An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.
参考情報
影響を受ける設定
  • cpe:2.3:a:atftp_project:atftp:0.7.1
    cpe:2.3:a:atftp_project:atftp:0.7.1
CVSS
Base: 4.3
Impact: -
Exploitability:-
CWE CWE-476
CAPEC
refmap via4
bugtraq 20190508 [SECURITY] [DSA 4438-1] atftp security update
debian DSA-4438
misc
mlist [debian-lts-announce] 20190512 [SECURITY] [DLA 1783-1] atftp security update
更新日時 20-04-2019 - 09:29
公開日時 20-04-2019 - 09:29
更改日時 12-05-2019 - 19:29
Back to Top