CVE-2021-41054
7.5 HIGHtftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data...
Published: 2021-09-13 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-120
Affected products
| Vendor | Product |
|---|---|
| atftp_project | atftp, debian_linux |
| debian | atftp, debian_linux |
Description
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-41054
- [Exploit reference]https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41054
- [Other]https://lists.debian.org/debian-lts-announce/2021/11/msg00014.html
- [Patch]https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
- [Exploit reference]https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41054
- [Other]https://lists.debian.org/debian-lts-announce/2021/11/msg00014.html
- [Patch]https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
Related CVEs
Same vendor
- CVE-2026-49975 — Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
- CVE-2026-31431 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly r... (7.8 HIGH)
- CVE-2026-4775 — A flaw was found in the libtiff library (7.8 HIGH)
- CVE-2026-3497 — Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions (7.5 HIGH)
- CVE-2026-2219 — It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the dat... (7.5 HIGH)
Same CWE
- CVE-2026-12328 — Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151 (8.1 HIGH)
- CVE-2026-12192 — A vulnerability was determined in GALAYOU Y4 1.0.0 (8.8 HIGH)
- CVE-2026-36818 — Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter... (7.5 HIGH)
- CVE-2026-36817 — Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo paramet... (7.5 HIGH)
- CVE-2026-36816 — Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo paramete... (7.5 HIGH)