CVE-2002-2226

Tftpd32 < 2.21 - Memory Corruption

Title source: rule

Description

Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument.

Exploits (3)

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/tftp/tftpd32_long_filename.rb

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16349

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Aviram Jenik · perlremotewindows

https://www.exploit-db.com/exploits/22025

View Code ZIP pw:eip

References (7)

[US Government Resource] http://www.kb.cert.org/vuls/id/632633

[Exploit] http://www.securiteam.com/windowsntfocus/6C00C2061A.html

[Exploit] http://www.securityfocus.com/bid/6199

[Various Sources] http://tftpd32.jounin.net/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/300395

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/10647

[Third Party Advisory] http://securityreason.com/securityalert/3160

Scores

EPSS 0.7836

EPSS Percentile 99.0%

Classification

CWE

CWE-119

Status draft

Affected Products (1)

tftpd32/tftpd32 < 2.21

Timeline

Published Dec 31, 2002

Tracked Since Feb 18, 2026