CVE-2009-2958
EPSS 1.1%
Description
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
How to fix CVE-2009-2958
To remediate CVE-2009-2958, upgrade the affected package to a fixed version below.
- Debian/dnsmasq: upgrade to 2.50-1 or later
Is CVE-2009-2958 being exploited?
Low. EPSS is 1.1%, a low predicted likelihood of exploitation, and exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.50-1