WinSCP 5.17.8 FTP Server denial of service

A vulnerability classified as problematic has been found in WinSCP 5.17.8 (Connectivity Software). Affected by this vulnerability is an unknown function of the component FTP Server Handler. Information about a possible countermeasure is not currently available. It is suggested to replace the product with an equivalent one.

| Field | 24/11/2020 08:12 AM | 10/12/2020 08:30 AM | 10/12/2020 08:32 AM |
| --- | --- | --- | --- |
| name | WinSCP | WinSCP | WinSCP |
| version | 5.17.8 | 5.17.8 | 5.17.8 |
| component | FTP Server Handler | FTP Server Handler | FTP Server Handler |
| cwe | 404 (denial of service) | 404 (denial of service) | 404 (denial of service) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | H | H | H |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| url | https://winscp.net/forum/viewtopic.php?t=30085 | https://winscp.net/forum/viewtopic.php?t=30085 | https://winscp.net/forum/viewtopic.php?t=30085 |
| confirm_url | https://winscp.net/tracker/1924 | https://winscp.net/tracker/1924 | https://winscp.net/tracker/1924 |
| cve | CVE-2020-28864 | CVE-2020-28864 | CVE-2020-28864 |
| date | 1606172400 (24/11/2020) | 1606172400 (24/11/2020) | 1606172400 (24/11/2020) |
| type | Connectivity Software | Connectivity Software | Connectivity Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | H | H | H |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| cvss2_vuldb_basescore | 2.6 | 2.6 | 2.6 |
| cvss2_vuldb_tempscore | 2.6 | 2.6 | 2.6 |
| cvss3_vuldb_basescore | 3.1 | 3.1 | 3.1 |
| cvss3_vuldb_tempscore | 3.1 | 3.1 | 3.1 |
| cvss3_meta_basescore | 3.1 | 3.1 | 6.4 |
| cvss3_meta_tempscore | 3.1 | 3.1 | 6.4 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1605481200 | 1605481200 |
| cve_nvd_summary | | Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name. | Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name. |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | P |
| cvss2_nvd_basescore | | | 7.5 |
| cvss3_nvd_basescore | | | 9.8 |
