CVE-2019-11366

Publication date 20 April 2019

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

5.9 · Medium

Score breakdown

An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.

From the Ubuntu Security Team

It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference.

Status

Package Ubuntu Release Status
atftp 20.10 groovy
Not affected
20.04 LTS focal
Not affected
19.10 eoan
Not affected
19.04 disco Ignored end of life
18.10 cosmic Ignored end of life
18.04 LTS bionic
Fixed 0.7.20120829-3.1~0.18.04.1
16.04 LTS xenial
Fixed 0.7.20120829-3.1~0.16.04.1
14.04 LTS trusty Not in release

Severity score breakdown

Parameter Value
Base score 5.9 · Medium
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H