Veracode Vulnerability DatabaseVERACODE:26950Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
pure-ftpd is vulnerable to denial of service (DoS). An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pure-ftpd:xenial | eq | 1.0.36 | |
| pure-ftpd:edge | eq | 1.0.49-r0 | |
| pure-ftpd:xenial | eq | 1.0.36 | |
| pure-ftpd:edge | eq | 1.0.49-r0 |
References
github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa
lists.debian.org/debian-lts-announce/2020/02/msg00029.html
lists.fedoraproject.org/archives/list/[email protected]/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/
lists.fedoraproject.org/archives/list/[email protected]/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/
lists.fedoraproject.org/archives/list/[email protected]/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/
security.gentoo.org/glsa/202003-54
usn.ubuntu.com/4515-1/
www.pureftpd.org/project/pure-ftpd/news/
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N