TFTP.Filename.Format.String
Description
A vulnerability has been identified in TFTPD32, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. This flaw is due to a format string error when processing a specially crafted GET request containing a malformed filename, which could be exploited by attackers to crash a vulnerable application and possibly execute arbitrary code.
Affected Products
TFTPD32 version 2.81 and prior.
Impact
Denial of service
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://tftpd32.jounin.net/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-04-13 | 18.057 | Sig Added |