Andreas B. Mundt

**Name of the Vulnerable Software and Affected Versions** atftp versions 0.7.4 and earlier **Description** The issue is related to a buffer overflow in the tftpd file.c component of atftp. This occurs because the buffer-size handling does not properly consider the combination of data, OACK, and other options. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For atftp versions 0.7.4 and earlier, consider disabling the vulnerable tftpd file.c component until a patch is available. Restrict access to the tftpd file.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.