CVE-2020-14149

Опубликовано: 15 июн. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00052.html
https://bugs.gentoo.org/726308
Patch
Third Party Advisory
https://github.com/troglobit/uftpd/issues/30
Exploit
Third Party Advisory
https://github.com/troglobit/uftpd/releases/tag/v2.12
Release Notes
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00052.html
https://bugs.gentoo.org/726308
Patch
Third Party Advisory
https://github.com/troglobit/uftpd/issues/30
Exploit
Third Party Advisory
https://github.com/troglobit/uftpd/releases/tag/v2.12
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:troglobit:uftpd:*:*:*:*:*:*:*:*

Версия до 2.12 (исключая)

EPSS

Процентиль: 68%

0.00564

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

openSUSE-SU-2020:0865-1

suse-cvrf

больше 5 лет назад

Security update for uftpd

GHSA-h47c-m3f2-95qp