Published: 20 April 2019

An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.

From the Ubuntu security team

It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference.



CVSS 3 base score: 5.9


Package Release Status
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver)
Released (0.7.20120829-3.1~
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.7.20120829-3.1~
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)