{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-07-25T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110613 Re: CVE request: buffer overflow in tftp-hpa", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/11"}, {"name": "GLSA-201206-12", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201206-12.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=network/tftp/tftp-hpa.git%3Ba=commitdiff%3Bh=f3035c45bc50bb5cac87ca01e7ef6a12485184f8"}, {"name": "48411", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48411"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=network/tftp/tftp-hpa.git%3Ba=blob%3Bf=CHANGES%3Bh=6df0d97b1f6c99f49d65e9ff80aa7b847f0e21e1%3Bhb=badf05140d3c2408715a73a52c0f35887e337c04"}, {"tags": ["x_refsource_MISC"], "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-05.txt"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:53:17.375Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110613 Re: CVE request: buffer overflow in tftp-hpa", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/11"}, {"name": "GLSA-201206-12", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201206-12.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=network/tftp/tftp-hpa.git%3Ba=commitdiff%3Bh=f3035c45bc50bb5cac87ca01e7ef6a12485184f8"}, {"name": "48411", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/48411"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=network/tftp/tftp-hpa.git%3Ba=blob%3Bf=CHANGES%3Bh=6df0d97b1f6c99f49d65e9ff80aa7b847f0e21e1%3Bhb=badf05140d3c2408715a73a52c0f35887e337c04"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-05.txt"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2199", "datePublished": "2012-07-22T17:00:00", "dateReserved": "2011-05-31T00:00:00", "dateUpdated": "2024-08-06T22:53:17.375Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:h_peter_anvin:tftp-hpa:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF257547-50C2-4F15-89D2-7E6E88D0DAF0", "versionEndIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en tftp-hpa anterior a v5.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de la opci\u00f3n utimeout."}], "id": "CVE-2011-2199", "lastModified": "2024-11-21T01:27:48.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-07-22T17:55:00.993", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=network/tftp/tftp-hpa.git%3Ba=blob%3Bf=CHANGES%3Bh=6df0d97b1f6c99f49d65e9ff80aa7b847f0e21e1%3Bhb=badf05140d3c2408715a73a52c0f35887e337c04"}, {"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=network/tftp/tftp-hpa.git%3Ba=commitdiff%3Bh=f3035c45bc50bb5cac87ca01e7ef6a12485184f8"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201206-12.xml"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/06/13/11"}, {"source": "secalert@redhat.com", "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-05.txt"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48411"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=network/tftp/tftp-hpa.git%3Ba=blob%3Bf=CHANGES%3Bh=6df0d97b1f6c99f49d65e9ff80aa7b847f0e21e1%3Bhb=badf05140d3c2408715a73a52c0f35887e337c04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=network/tftp/tftp-hpa.git%3Ba=commitdiff%3Bh=f3035c45bc50bb5cac87ca01e7ef6a12485184f8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201206-12.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/13/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-05.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48411"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "tftp: buffer overflow when setting utimeout option", "id": "713950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713950"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "draft"}, "details": ["Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option."], "name": "CVE-2011-2199", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:3", "fix_state": "Will not fix", "package_name": "tftp", "product_name": "Red Hat Enterprise Linux 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "tftp", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "tftp", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "tftp", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2011-06-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-2199\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-2199"], "statement": "Not vulnerable. The Red Hat Security Response Team has reviewed this bug and determined it has no security impact on the tftp packages as shipped with Red Hat Enterprise Linux 4, 5, and 6. Refer to the following bugzilla for additional details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2199", "threat_severity": "Moderate"}