5 matches found
CVE-2020-14149
In uftpd before 2.12, handleCWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command...
SUSE CVE-2020-14149
In uftpd before 2.12, handleCWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command...
OPENSUSE-SU-2020:0865-1 Security update for uftpd
This update for uftpd fixes the following issues: uftpd was updated to version 2.12. Changes: Use common log message format and log level when user enters an invalid path. This unfortunately affects changes introduced in v2.11 to increase logging at default log level. Security fixes: -...
Security update for uftpd (moderate)
openSUSE Security Update: Security update for uftpd Announcement ID: openSUSE-SU-2020:0865-1 Rating: moderate References: 1172959 Cross-References: CVE-2020-14149 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for uftpd fixe...
CVE-2020-14149
Summary: CVE-2020-14149 affects uftpd prior to version 2.12. The vulnerability is a NULL pointer dereference in handle_CWD (ftpcmd.c) when processing user-supplied paths, exemplified by a CWD /.. command, leading to denial of service. Affected product/version: uftpd up to 2.11 (pre-2.12). Root ca...