CVE-2013-6809

Tftpd32 < 4.50 - Remote Code Execution via Format String in Remote File Field

Title source: llm
STIX 2.1

Description

Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/100511
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89455
Exploit, Patch mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Dec/15

Scores

EPSS 0.0288
EPSS Percentile 85.0%

Details

CWE
CWE-134
Status published
Products (42)
philippe_jounin/tftpd32 1.0
philippe_jounin/tftpd32 1.1
philippe_jounin/tftpd32 2.0
philippe_jounin/tftpd32 2.1
philippe_jounin/tftpd32 2.2
philippe_jounin/tftpd32 2.11
philippe_jounin/tftpd32 2.21
philippe_jounin/tftpd32 2.51
philippe_jounin/tftpd32 2.52
philippe_jounin/tftpd32 2.53
... and 32 more
Published Dec 13, 2013
Tracked Since Feb 18, 2026