Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Thekelleys Dnsmasq TFTP服务远程堆溢出漏洞
Vulnerability Description
Dnsmasq是软件开发者Simon Kelley所研发的一款使用C语言编写的开源轻量级DNS转发和DHCP、TFTP服务器。 dnsmasq在启用了TFTP服务(--enable-tftp命令行选项或在/etc/dnsmasq.conf中启用enable-tftp)的时候存在堆溢出漏洞。如果所配置的tftp-root足够长,且远程用户发送的请求中包含有超长的文件名,dnsmasq就可能崩溃或以dnsmasq服务的权限(通常为非特权的nobody用户)执行任意代码。 tftp_request对daemon
CVSS Information
N/A
Vulnerability Type
N/A