CVE-2021-40524

Опубликовано: 05 сент. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)

Ссылки

https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4
Patch
Third Party Advisory
https://github.com/jedisct1/pure-ftpd/compare/1.0.49...1.0.50
Patch
Third Party Advisory
https://github.com/jedisct1/pure-ftpd/pull/158
Exploit
Third Party Advisory
https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4
Patch
Third Party Advisory
https://github.com/jedisct1/pure-ftpd/compare/1.0.49...1.0.50
Patch
Third Party Advisory
https://github.com/jedisct1/pure-ftpd/pull/158
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/11/msg00003.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*

Версия от 1.0.23 (включая) до 1.0.50 (исключая)

EPSS

Процентиль: 96%

0.24037

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

CVE-2021-40524

CVSS3: 7.5

ubuntu

больше 4 лет назад

CVE-2021-40524

CVSS3: 7.5

debian

больше 4 лет назад

In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism ...

GHSA-p53v-96v3-p5jg

CVSS3: 7.5

github

больше 3 лет назад

In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value.

EPSS

Процентиль: 96%

0.24037

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-434