CVE-2004-1636

Name of the Vulnerable Software and Affected Versions WvTftp version 0.9

Description A heap-based buffer overflow issue exists in the WvTFTPServer::new connection function, located in wvtftpserver.cc, which allows remote attackers to execute arbitrary code via a long option string in a TFTP packet.

Recommendations For WvTftp version 0.9, consider restricting access to the WvTFTPServer::new connection function until a patch is available. As a temporary workaround, avoid using long option strings in TFTP packets to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.