rpm package
suse/atftp&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/atftp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-46671 | Med | 5.3 | < 0.7.0-160.14.1 | 0.7.0-160.14.1 | Feb 4, 2022 | options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. | |
| CVE-2021-41054 | Hig | 7.5 | < 0.7.0-160.11.1 | 0.7.0-160.11.1 | Sep 13, 2021 | tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options. |
- affected < 0.7.0-160.14.1fixed 0.7.0-160.14.1
options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.
- affected < 0.7.0-160.11.1fixed 0.7.0-160.11.1
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.