Описание
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:netwin:surgeftp:2.3a2:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06983
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-119
Связанные уязвимости
github
почти 4 года назад
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
EPSS
Процентиль: 91%
0.06983
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-119