PT-2020-3967 · Atftp+4

Peter Wang · Published 2020-09-10 · Updated 2024-06-15 · CVE-2020-6097

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: atftp version 0.7.git20120829-3.1+b1
Description: A denial of service vulnerability exists in the atftpd daemon. A remote attacker can send a specially crafted sequence of RRQ-Multicast requests that triggers an assert() call, terminating the daemon and causing a denial of service.
Recommendations: For atftp version 0.7.git20120829-3.1+b1, restrict network access to the atftpd daemon to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the assert() function in the atftpd daemon until a fix is provided.

Exploit · Fix · DoS · Assertion Failure · Improper Resource Release

Weakness Enumeration

Related Identifiers

BDU:2020-04361
CVE-2020-6097
DLA-2820-1
OPENSUSE-SU-2020:1736-1
OPENSUSE-SU-2020_1736-1
OPENSUSE-SU-2024:10636-1
USN-6334-1

Affected Products

Astra Linux
Linuxmint
Suse
Ubuntu
Atftp