Headline
CVE-2021-46671: atftp / Code
options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.
Help Create Join Login
Open Source Software
Business Software
Resources
- Blog
- Articles
Menu
Help
Create
Join
Login
Home
Browse
atftp
Code
advanced tftp server and client
Brought to you by: khorniszon, md11
- Summary
- Files
- Reviews
- Support
- Wiki
- Tickets ▾
- Support Requests
- Bugs
- Code
Menu ▾ ▴
- Browse Commits
- Fork
- Merge Requests 0
- Forks 5
Branches
- master
- testing-generated-content-patch
Tags
- 0.7.dfsg
- 0.7.dfsg-6
- 0.7.dfsg-9.1
- 0.7.dfsg-9.3
- v0.7.1
- v0.7.2
- v0.7.3
- v0.7.4
- v0.7.5
- v0.8.0
Commit [9cf799] Maximize Restore History
options.c: Proper fix for the read-past-end-of-array
This properly fixes what commit:b3e36dd tried to do.
Authored by: Simon Rettberg 2018-01-10
Committed by: Martin Dummer 2021-09-12
Browse code at this revision
Parent: [536633]
Child: [6d2ff0]
changed
options.c
options.c Diff Switch to side-by-side view
Oh no! Some styles failed to load. 😵 Please try reloading this page
Related news
Ubuntu Security Notice 6334-1 - Peter Wang discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. Andreas B. Mundt discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. Johannes Krupp discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server and make the server to disclose /etc/group data.