CVE-2013-6809

Philippe Jounin Tftpd32 < 4.00 - Format String Vulnerability

Title source: rule

Description

Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field.

References (4)

[Third Party Advisory, VDB Entry] http://osvdb.org/100511

[Exploit] http://packetstormsecurity.com/files/124275/Tftpd32-Client-Side-Format-String.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/89455

[Exploit, Patch] http://seclists.org/fulldisclosure/2013/Dec/15

Scores

EPSS 0.0057

EPSS Percentile 68.6%

Details

CWE

CWE-134

Status published

Products (42)

philippe_jounin/tftpd32 1.0

philippe_jounin/tftpd32 1.1

philippe_jounin/tftpd32 2.0

philippe_jounin/tftpd32 2.1

philippe_jounin/tftpd32 2.2

philippe_jounin/tftpd32 2.11

philippe_jounin/tftpd32 2.21

philippe_jounin/tftpd32 2.51

philippe_jounin/tftpd32 2.52

philippe_jounin/tftpd32 2.53

... and 32 more

Published Dec 13, 2013

Tracked Since Feb 18, 2026