Vulnerability Details : CVE-2013-6809
Potential exploit
Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field.
Vulnerability category: Execute code, Denial of service
Products affected by CVE-2013-6809
- cpe:2.3:a:philippe_jounin:tftpd32:*:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.73:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.72:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.53:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.52:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.51:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.70:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.60:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.62:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.54:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.81:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.01:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.50:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.35:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.26:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.00:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.84:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.71:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.21:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.51:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.28:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.27:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.02:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.74:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.31:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.29:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.10:beta:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.03:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.80:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.34:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.33:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.23:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.22:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:3.20:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.83:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.82:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:philippe_jounin:tftpd32:2.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6809
- 0.90%: Probability of exploitation activity in the next 30 days
- ~ 74%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6809
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2013-6809
- The product uses a function that accepts a format string as an argument, but the format string originates from an external source. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6809
- http://packetstormsecurity.com/files/124275/Tftpd32-Client-Side-Format-String.html
  Tftpd32 Client Side Format String ≈ Packet Storm (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89455
  Tftpd32 client side format string CVE-2013-6809 Vulnerability Report
- http://seclists.org/fulldisclosure/2013/Dec/15
  Full Disclosure: Tftpd32 Client Side Format String Vulnerability (Exploit; Patch)
- http://osvdb.org/100511