On Fri, Sep 11, 2020 at 07:12:49AM +0200, Salvatore Bonaccorso wrote:
> Source: atftp
> Version: 0.7.git20120829-3.1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
>
> Hi,
>
> The following vulnerability was published for atftp.
>
> CVE-2020-6097[0]:
> | An exploitable denial of service vulnerability exists in the atftpd
> | daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially
> | crafted sequence of RRQ-Multicast requests trigger an assert() call
> | resulting in denial-of-service. An attacker can send a sequence of
> | malicious packets to trigger this vulnerability.

This is now fixed here:
https://sourceforge.net/u/peterkaestle/atftp/ci/96409ef3b9ca061f9527cfaafa778105cf15d994/

Cheers,
Moritz