A vulnerability in the atftpd daemon of atftp could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to an insecurely implemented strncpy call related to the tftpd_file.c and tftp_mtftp.c source code files of the affected software. An attacker could exploit this vulnerability by sending packets that submit malicious input to the targeted system. A successful exploit could trigger a stack-based buffer overflow condition that the attacker could use to execute arbitrary code or cause a DoS condition.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
The vendor has confirmed the vulnerability and released software updates.
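
The class of strncpy misuse described above, shown as an added example that is not atftp's code or the vendor's patch: a constructed weak copy whose bound comes from the packet, beside a hardened form that validates the length, bounds the copy by the destination and always terminates. HDR_LEN, MSG_MAX, both function names and the sample packets are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4   /* assumed: fixed header bytes preceding the text field */
#define MSG_MAX 16  /* assumed: size of the fixed stack buffer */

/* Weak pattern (constructed): the bound is derived from the packet, not the
 * destination. pkt_len < HDR_LEN wraps the unsigned subtraction to a huge
 * count, and strncpy() leaves dst unterminated when the source fills it. */
void copy_text_weak(char *dst, const unsigned char *pkt, size_t pkt_len)
{
    strncpy(dst, (const char *)pkt + HDR_LEN, pkt_len - HDR_LEN);
}

/* Hardened form: returns bytes copied, or -1 if the input is rejected. */
int copy_text_safe(char *dst, size_t dst_size,
                   const unsigned char *pkt, size_t pkt_len)
{
    if (dst == NULL || dst_size == 0 || pkt == NULL)
        return -1;
    dst[0] = '\0';
    if (pkt_len < HDR_LEN)              /* reject before subtracting */
        return -1;
    size_t n = pkt_len - HDR_LEN;       /* cannot wrap now */
    if (n > dst_size - 1)               /* bound by the destination */
        n = dst_size - 1;
    const unsigned char *src = pkt + HDR_LEN;
    const unsigned char *nul = memchr(src, 0, n);
    if (nul != NULL)                    /* stop at an embedded NUL */
        n = (size_t)(nul - src);
    memcpy(dst, src, n);
    dst[n] = '\0';                      /* always terminate */
    return (int)n;
}

int main(void)
{
    /* Constructed sample packets, not captured traffic. */
    const unsigned char ok[] = { 0, 1, 0, 2, 'n', 'o', 't', ' ', 'f', 'o', 'u', 'n', 'd', 0 };
    const unsigned char tiny[] = { 0, 1, 0 };
    char msg[MSG_MAX];
    printf("%d \"%s\"\n", copy_text_safe(msg, sizeof msg, ok, sizeof ok), msg);
    printf("%d\n", copy_text_safe(msg, sizeof msg, tiny, sizeof tiny));
    return 0;
}
```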