
Advisory ROSA-SA-2023-2188

2023-07-11 12:13:26
ROSA LAB
abf.rosalinux.ru
8

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.013 Low
Percentile: 85.5%

Software: pure-ftpd 1.0.51
OS: ROSA-CHROME

package_evr_string: pure-ftpd-1.0.51-1.src.rpm

CVE-ID: CVE-2020-9274
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: An uninitialized pointer vulnerability has been discovered in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) functions are called, they fail to correctly identify the end of the linked list and attempt to access a non-existent list item. This is due to init_aliases in diraliases.c.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update pure-ftpd

CVE-ID: CVE-2021-40524
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: In Pure-FTPd before version 1.0.50, an incorrect max_filesize quota mechanism on the server allows attackers to upload files of unlimited size, which can cause a denial of service or server hang. This happens because a certain greater-than-zero test does not account for an initial value of -1.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update pure-ftpd
