Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2011-0418
HistoryMay 24, 2011 - 11:55 p.m.

CVE-2011-0418

2011-05-2423:55:01
CWE-20
[email protected]
web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

5.9 Medium

AI Score

Confidence

High

0.04 Low

EPSS

Percentile

92.2%

JSON

The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.

Affected configurations

NVD
Node
pureftpdpure-ftpdRange1.0.31
OR
pureftpdpure-ftpdMatch0.90
OR
pureftpdpure-ftpdMatch0.91
OR
pureftpdpure-ftpdMatch0.92
OR
pureftpdpure-ftpdMatch0.93
OR
pureftpdpure-ftpdMatch0.94
OR
pureftpdpure-ftpdMatch0.95
OR
pureftpdpure-ftpdMatch0.95-pre1
OR
pureftpdpure-ftpdMatch0.95-pre2
OR
pureftpdpure-ftpdMatch0.95-pre3
OR
pureftpdpure-ftpdMatch0.95-pre4
OR
pureftpdpure-ftpdMatch0.95.1
OR
pureftpdpure-ftpdMatch0.95.2
OR
pureftpdpure-ftpdMatch0.96
OR
pureftpdpure-ftpdMatch0.96.1
OR
pureftpdpure-ftpdMatch0.96pre1
OR
pureftpdpure-ftpdMatch0.97-final
OR
pureftpdpure-ftpdMatch0.97.1
OR
pureftpdpure-ftpdMatch0.97.2
OR
pureftpdpure-ftpdMatch0.97.3
OR
pureftpdpure-ftpdMatch0.97.4
OR
pureftpdpure-ftpdMatch0.97.5
OR
pureftpdpure-ftpdMatch0.97.6
OR
pureftpdpure-ftpdMatch0.97.7
OR
pureftpdpure-ftpdMatch0.97.7pre1
OR
pureftpdpure-ftpdMatch0.97.7pre2
OR
pureftpdpure-ftpdMatch0.97.7pre3
OR
pureftpdpure-ftpdMatch0.97pre1
OR
pureftpdpure-ftpdMatch0.97pre2
OR
pureftpdpure-ftpdMatch0.97pre3
OR
pureftpdpure-ftpdMatch0.97pre4
OR
pureftpdpure-ftpdMatch0.97pre5
OR
pureftpdpure-ftpdMatch0.98-final
OR
pureftpdpure-ftpdMatch0.98.1
OR
pureftpdpure-ftpdMatch0.98.2
OR
pureftpdpure-ftpdMatch0.98.2a
OR
pureftpdpure-ftpdMatch0.98.3
OR
pureftpdpure-ftpdMatch0.98.4
OR
pureftpdpure-ftpdMatch0.98.5
OR
pureftpdpure-ftpdMatch0.98.6
OR
pureftpdpure-ftpdMatch0.98.7
OR
pureftpdpure-ftpdMatch0.98pre1
OR
pureftpdpure-ftpdMatch0.98pre2
OR
pureftpdpure-ftpdMatch0.99
OR
pureftpdpure-ftpdMatch0.99.1
OR
pureftpdpure-ftpdMatch0.99.1a
OR
pureftpdpure-ftpdMatch0.99.1b
OR
pureftpdpure-ftpdMatch0.99.2
OR
pureftpdpure-ftpdMatch0.99.2a
OR
pureftpdpure-ftpdMatch0.99.3
OR
pureftpdpure-ftpdMatch0.99.4
OR
pureftpdpure-ftpdMatch0.99.9
OR
pureftpdpure-ftpdMatch0.99a
OR
pureftpdpure-ftpdMatch0.99b
OR
pureftpdpure-ftpdMatch0.99pre1
OR
pureftpdpure-ftpdMatch0.99pre2
OR
pureftpdpure-ftpdMatch1.0.0
OR
pureftpdpure-ftpdMatch1.0.1
OR
pureftpdpure-ftpdMatch1.0.2
OR
pureftpdpure-ftpdMatch1.0.3
OR
pureftpdpure-ftpdMatch1.0.4
OR
pureftpdpure-ftpdMatch1.0.5
OR
pureftpdpure-ftpdMatch1.0.6
OR
pureftpdpure-ftpdMatch1.0.7
OR
pureftpdpure-ftpdMatch1.0.8
OR
pureftpdpure-ftpdMatch1.0.9
OR
pureftpdpure-ftpdMatch1.0.10
OR
pureftpdpure-ftpdMatch1.0.11
OR
pureftpdpure-ftpdMatch1.0.12
OR
pureftpdpure-ftpdMatch1.0.13a
OR
pureftpdpure-ftpdMatch1.0.14
OR
pureftpdpure-ftpdMatch1.0.15
OR
pureftpdpure-ftpdMatch1.0.16a
OR
pureftpdpure-ftpdMatch1.0.16b
OR
pureftpdpure-ftpdMatch1.0.16c
OR
pureftpdpure-ftpdMatch1.0.17
OR
pureftpdpure-ftpdMatch1.0.17a
OR
pureftpdpure-ftpdMatch1.0.18
OR
pureftpdpure-ftpdMatch1.0.19
OR
pureftpdpure-ftpdMatch1.0.20
OR
pureftpdpure-ftpdMatch1.0.21
OR
pureftpdpure-ftpdMatch1.0.22
OR
pureftpdpure-ftpdMatch1.0.24
OR
pureftpdpure-ftpdMatch1.0.25
OR
pureftpdpure-ftpdMatch1.0.26
OR
pureftpdpure-ftpdMatch1.0.27
OR
pureftpdpure-ftpdMatch1.0.28
OR
pureftpdpure-ftpdMatch1.0.29
OR
pureftpdpure-ftpdMatch1.0.30
Node
netbsdnetbsdMatch5.1

Related

prion 2
openvas 8
cve 2
fedora 2
ubuntucve 1
nessus 5
securityvulns 5
debiancve 1
cvelist 2
gentoo 1
nvd 1
freebsd 1
exploitpack 1
seebug 1
exploitdb 1
packetstorm 1
prion
prion
Command injection
2011-05-24 23:55:00
Integer overflow
2011-05-24 23:55:00
openvas
openvas
Fedora Update for pure-ftpd FEDORA-2011-7374
2011-06-24 00:00:00
Mandriva Update for pure-ftpd MDVSA-2011:094 (pure-ftpd)
2011-05-23 00:00:00
Fedora Update for pure-ftpd FEDORA-2011-7374
2011-06-24 00:00:00
cve
cve
CVE-2011-0418
2011-05-24 23:55:01
CVE-2011-2168
2011-05-24 23:55:04
fedora
fedora
[SECURITY] Fedora 15 Update: pure-ftpd-1.0.32-1.fc15
2011-05-30 22:34:29
[SECURITY] Fedora 14 Update: pure-ftpd-1.0.32-1.fc14
2011-06-21 17:38:38
ubuntucve
ubuntucve
CVE-2011-0418
2011-05-24 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : pure-ftpd (MDVSA-2011:094)
2011-05-20 00:00:00
Fedora 14 : pure-ftpd-1.0.32-1.fc14 (2011-7374)
2011-06-22 00:00:00
Fedora 15 : pure-ftpd-1.0.32-1.fc15 (2011-7434)
2011-05-31 00:00:00
securityvulns
securityvulns
[ MDVSA-2011:094 ] pure-ftpd
2011-05-21 00:00:00
MacOSX 10.8.3 ftpd Remote Resource Exhaustion
2013-04-15 00:00:00
libc glob() resources exhaustion
2013-04-15 00:00:00
debiancve
debiancve
CVE-2011-0418
2011-05-24 23:55:01
cvelist
cvelist
CVE-2011-0418
2011-05-24 23:00:00
CVE-2011-2168
2011-05-24 23:00:00
gentoo
gentoo
Pure-FTPd: Multiple vulnerabilities
2011-10-26 00:00:00
nvd
nvd
CVE-2011-2168
2011-05-24 23:55:04
freebsd
freebsd
pureftpd -- multiple vulnerabilities
2011-04-01 00:00:00
exploitpack
exploitpack
FreeBSD 9.1 - ftpd Remote Denial of Service
2013-02-05 00:00:00
seebug
seebug
FreeBSD 9.1 ftpd Remote Denial of Service
2014-07-01 00:00:00
exploitdb
exploitdb
FreeBSD 9.1 - 'ftpd' Remote Denial of Service
2013-02-05 00:00:00
packetstorm
packetstorm
Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT Memory Exhaustion
2011-05-03 00:00:00

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

5.9 Medium

AI Score

Confidence

High

0.04 Low

EPSS

Percentile

92.2%

JSON
Related for NVD:CVE-2011-0418
prion2openvas8cve2fedora2ubuntucve1nessus5securityvulns5debiancve1cvelist2gentoo1nvd1freebsd1exploitpack1seebug1exploitdb1packetstorm1