CVE-2011-0418

2011-05-2423:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2011-0418

pure-ftpd

denial of service

memory consumption

nvd

5.8 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.04 Low

EPSS

Percentile

92.1%

JSON

The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.

CPENameOperatorVersion
pureftpd:pure-ftpdpureftpd pure-ftpdeq0.97-final
pureftpd:pure-ftpdpureftpd pure-ftpdeq1.0.19
pureftpd:pure-ftpdpureftpd pure-ftpdeq1.0.10
pureftpd:pure-ftpdpureftpd pure-ftpdeq0.97pre1
pureftpd:pure-ftpdpureftpd pure-ftpdeq0.98-final
pureftpd:pure-ftpdpureftpd pure-ftpdeq0.95
pureftpd:pure-ftpdpureftpd pure-ftpdeq0.97pre4
pureftpd:pure-ftpdpureftpd pure-ftpdeq0.98.2a
pureftpd:pure-ftpdpureftpd pure-ftpdeq1.0.6
pureftpd:pure-ftpdpureftpd pure-ftpdeq0.97.3

CPE	Name	Operator	Version
pureftpd:pure-ftpd	pureftpd pure-ftpd	eq	0.97-final
pureftpd:pure-ftpd	pureftpd pure-ftpd	eq	1.0.19
pureftpd:pure-ftpd	pureftpd pure-ftpd	eq	1.0.10
pureftpd:pure-ftpd	pureftpd pure-ftpd	eq	0.97pre1
pureftpd:pure-ftpd	pureftpd pure-ftpd	eq	0.98-final
pureftpd:pure-ftpd	pureftpd pure-ftpd	eq	0.95
pureftpd:pure-ftpd	pureftpd pure-ftpd	eq	0.97pre4
pureftpd:pure-ftpd	pureftpd pure-ftpd	eq	0.98.2a
pureftpd:pure-ftpd	pureftpd pure-ftpd	eq	1.0.6
pureftpd:pure-ftpd	pureftpd pure-ftpd	eq	0.97.3