QwikSec

Security Database

CVE

CWE

Training

CVE-2019-11366

Published: Apr 20, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities

x_refsource_MISC

https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

20190508 [SECURITY] [DSA 4438-1] atftp security update

mailing-list

x_refsource_BUGTRAQ

[debian-lts-announce] 20190512 [SECURITY] [DLA 1783-1] atftp security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.