CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1636

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1960%
EPSS Percentile39.59th
PublishedOct 26, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet.

Affected Platforms (CPE)

πŸ“¦
Net Integration Technologies Inc.

Wvtftp

= 0.9

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=109885074513940&w=2
πŸ”— http://secunia.com/advisories/12986
πŸ”— http://www.securityfocus.com/bid/11525
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/17869
πŸ”— http://marc.info/?l=bugtraq&m=109885074513940&w=2
πŸ”— http://secunia.com/advisories/12986
πŸ”— http://www.securityfocus.com/bid/11525
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/17869

Related Vulnerabilities

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...

CVE-2004-090410.0

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-129010.0

Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a...