[Buildroot] [PATCH] package/atftp: add security fix for CVE-2020-6097
Peter Korsgaard
peter at korsgaard.com
Wed Feb 10 18:55:31 UTC 2021
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixed the following security issue:
> - CVE-2020-6097: An exploitable denial of service vulnerability exists in
> the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A
> specially crafted sequence of RRQ-Multicast requests triggers an assert()
> call resulting in denial-of-service. An attacker can send a sequence of
> malicious packets to trigger this vulnerability.
> For more details, see the report:
> https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2020.02.x and 2020.11.x, thanks.
--
Bye, Peter Korsgaard