Aggregates CVE and security vulnerability intelligence across all tftp-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk buffer overflow and vendor risk input validation, with potential vendor impact application crash and vendor impact memory corruption across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2008-2161 | Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information. | [email protected] | 10.0 | 78.90% | 2008-05-12 | 2026-04-23 |
| CVE-2002-2237 | tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a denial of service via a GET request with a DOS device name such as com1 or aux. | [email protected] | 5.0 | 1.80% | 2002-12-31 | 2026-04-16 |
| CVE-1999-0183 | Linux implementations of TFTP would allow access to files outside the restricted directory. | [email protected] | 6.4 | 0.73% | 1997-09-01 | 2026-04-16 |