uftpd up to 2.10 ftpcmd.c handle_PORT stack-based overflow

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in uftpd up to 2.10 (File Transfer Software) and classified as critical. This issue affects the function handle_PORT of the file ftpcmd.c. Upgrading to version 2.11 eliminates this vulnerability.

Field01/07/2020 11:16 AM01/07/2020 11:21 AM
nameuftpduftpd
version<=2.10<=2.10
fileftpcmd.cftpcmd.c
functionhandle_PORThandle_PORT
risk22
cvss2_vuldb_basescore6.06.0
cvss2_vuldb_tempscore4.74.7
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss3_meta_basescore6.56.5
cvss3_meta_tempscore5.75.7
cvss3_vuldb_basescore6.56.5
cvss3_vuldb_tempscore5.75.7
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiRR
cvss3_vuldb_sCC
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
date1578268800 (01/06/2020)1578268800 (01/06/2020)
locationGitHub RepositoryGitHub Repository
urlhttps://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvqhttps://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvq
price_0day$0-$5k$0-$5k
nameUpgradeUpgrade
upgrade_version2.112.11
cveCVE-2020-5204CVE-2020-5204
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcUCUC
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcUU
cvss3_nvd_basescore6.56.5
typeFile Transfer Software
cwe0121 (memory corruption)
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aL
cve_assigned1577923200
cve_nvd_summaryIn uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len(&#39;255.255.255.255&#39;) == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11

Do you want to use VulDB in your project?

Use the official API to access entries easily!