FKIE_CVE-2013-6809

Vulnerability from fkie_nvd - Published: 2013-12-13 18:55 - Updated: 2026-06-17 00:00
Severity
Summary
Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field.

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F66734BC-25CC-4ED7-AA29-4E44A577209C",
              "versionEndIncluding": "4.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C558A7E-9627-4652-B9A0-449DBEC13759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB055ED-1521-4ED0-9D2C-57055083B647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4271F96E-D7F2-4A19-8F38-116F3BC4564A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB878C3-11C3-44A9-AC8A-4A5552820409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D57D87FF-5437-4027-BEE1-2E589BD82432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B71CA63D-17FD-4684-B13F-AED4EF68BABD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3DBE3D5-9899-4DBF-B241-988E5BA0539E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "01577E14-494A-41E7-AAE3-CE056D5D47A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2643C36-668E-457F-BB34-154D39025BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA1FDE23-01D4-475D-AEB5-149C0C3E184B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "037A8135-0860-4D78-9BD3-8159BF2A658E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31EFFDF-1234-4472-A869-5949B2006F66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "E048D128-8BCD-4E74-85CC-9ADA091C9C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAF65-D5D5-4A45-8A18-CA40C63807EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A20FA-E34A-4348-BEFD-0AF760429CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "E258100C-F46E-414C-8ACA-063C87823FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "460C391A-E8FB-4921-ADFF-5E5F6C8C36D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E764CD-0312-4476-965B-24A15486E485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "B794E953-4B56-45A8-9245-38D3E7BDC529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "58FAB6C7-C0F4-47F3-BD18-D1F1BF04AE51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.82:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6680458-1D5F-4D25-9BC2-20CC1FE5101B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AD50C40-964C-4ABD-B44D-49DAE6C60D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:2.84:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AEB740D-2466-423C-B6CE-56269F82F099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "9764EE49-B3F1-4515-9B24-A8784C2D74BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "2644ACEC-E21F-4192-8AF8-DDE548D57391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "948234FA-3543-44DF-8B28-E6F721E7C9CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FC92027-C6A5-4731-9E3D-4E496F990B1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.10:beta:*:*:*:*:*:*",
              "matchCriteriaId": "6A6D5407-B8D3-4121-860E-AB6B8C0A47BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1070A0C-7B23-4F94-9503-D9A420AC7BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "91EDEA13-B9D2-4A13-AEA2-0BA8B3A43B51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "545EC5A0-1DB9-4062-878F-FE10910A32B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C8F8452-2471-40EE-9222-22049D46C451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "30115C7C-22FD-40CB-AD02-C634CCAC22E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E12BEC3-C466-48EB-A945-41728D4CC32B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CBA5417-1C29-4793-9F23-301DC8DEFF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECED70EC-27C4-4061-9796-DED9A142BCE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "142EE8CE-08BA-4CC5-A146-3EFE135C6E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "B189F0A3-823A-4622-8DFA-5C61F732C51A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "440FB930-512F-4BC4-A6AE-3B93BF184A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CC9E7E0-DBCD-4C3A-BBF2-F06C1814BE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philippe_jounin:tftpd32:3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC8813F-30A5-409F-AB85-3801E4CCE36D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de format string en el cliente de Tftpd32 anteriores a 4.50 permite a servidores remotos causar una denegaci\u00f3n de servicio (crash) o posiblemente ejecutar c\u00f3digo de forma arbitrria a trav\u00e9s especificadores de formato de cadena en el campo Remote File."
    }
  ],
  "id": "CVE-2013-6809",
  "lastModified": "2026-06-17T00:00:58.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-13T18:55:05.490",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/100511"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/124275/Tftpd32-Client-Side-Format-String.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://seclists.org/fulldisclosure/2013/Dec/15"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/100511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/124275/Tftpd32-Client-Side-Format-String.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://seclists.org/fulldisclosure/2013/Dec/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89455"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…