[Buildroot] [PATCH] package/atftp: add security fix for CVE-2020-6097

Peter Korsgaard peter at korsgaard.com
Wed Feb 10 18:55:31 UTC 2021


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixed the following security issue:
 > - CVE-2020-6097: An exploitable denial of service vulnerability exists in
 >   the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1.  A
 >   specially crafted sequence of RRQ-Multicast requests triggers an assert()
 >   call resulting in denial-of-service.  An attacker can send a sequence of
 >   malicious packets to trigger this vulnerability.

 > For more details, see the report:
 > https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2020.02.x and 2020.11.x, thanks.

-- 
Bye, Peter Korsgaard


