Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-20277 | 1 Troglobit | 1 Uftpd | 2022-12-13 | 7.5 HIGH | 9.8 CRITICAL |
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution. | |||||
CVE-2020-20276 | 1 Troglobit | 1 Uftpd | 2020-12-22 | 7.5 HIGH | 9.8 CRITICAL |
An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution. | |||||
CVE-2020-14149 | 1 Troglobit | 1 Uftpd | 2020-06-25 | 5.0 MEDIUM | 7.5 HIGH |
In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command. | |||||
CVE-2020-5221 | 1 Troglobit | 1 Uftpd | 2020-01-30 | 6.4 MEDIUM | 7.2 HIGH |
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11 | |||||
CVE-2020-5204 | 1 Troglobit | 1 Uftpd | 2020-01-18 | 6.5 MEDIUM | 8.8 HIGH |
In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11 |