Lucene search

[email protected]CVE-2021-40524

HistorySep 05, 2021 - 7:15 p.m.

CVE-2021-40524

2021-09-0519:15:00

CWE-434

[email protected]

web.nvd.nist.gov

pure-ftpd

cve-2021-40524

file upload

denial of service

server hang

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

67.6%

JSON

In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)

CPENameOperatorVersion
pureftpd:pure-ftpdpureftpd pure-ftpdlt1.0.50

CPE	Name	Operator	Version
pureftpd:pure-ftpd	pureftpd pure-ftpd	lt	1.0.50

References

github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4

github.com/jedisct1/pure-ftpd/compare/1.0.49...1.0.50

github.com/jedisct1/pure-ftpd/pull/158

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

67.6%

JSON

Related for CVE-2021-40524

prion1 ubuntucve1 debiancve1 osv1 cvelist1 rosalinux1