How severe is CVE-2019-11366?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2019-11366?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2019-11366 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.

Related Vulnerabilities

CVE-2015-5316

MEDIUM

CVSS:5.9(Medium)

The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a den...

CWE-4762015

CVE-2015-7977

MEDIUM

CVSS:5.9(Medium)

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

CWE-4762015

CVE-2015-8762

MEDIUM

CVSS:5.9(Medium)

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.

CWE-4762015

CVE-2016-2365

MEDIUM

CVSS:5.9(Medium)

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malic...

CWE-4762016

CVE-2016-2369

MEDIUM

CVSS:5.9(Medium)

A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerab...

CWE-4762016

CVE-2016-5354

MEDIUM

CVSS:5.9(Medium)

The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

CWE-4762016