Intrusion Prevention

TFTP.Filename.Format.String

Description

A vulnerability has been identified in TFTPD32, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. This flaw is due to a format string error when processing a specially crafted GET request containing a malformed filename, which could be exploited by attackers to crash a vulnerable application and possibly execute arbitrary code.

Affected Products

TFTPD32 version 2.81 and prior.

Impact

Denial of service

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://tftpd32.jounin.net/

CVE References

CVE-2006-0328