The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2015-10-08 22:59
Updated : 2016-12-07 19:11
NVD link : CVE-2015-5917
Mitre link : CVE-2015-5917
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
apple
- mac_os_x
netbsd
- tnftpd