PT-2023-14922 · Unknown · Weston Embedded Uc-Ftps

Kelly Leuschner

Publicado

2023-05-10

Atualizado

2023-05-18

CVE-2022-46377

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Weston Embedded uC-FTPs version 1.98.00

Description An out-of-bounds read issue exists in the PORT command parameter extraction functionality. A specially-crafted set of network packets can lead to denial of service. This occurs when no IP address argument is provided to the PORT command. An attacker can send packets to trigger this issue.

Recommendations For Weston Embedded uC-FTPs version 1.98.00, consider restricting access to the PORT command until a patch is available. As a temporary workaround, ensure that an IP address argument is always provided to the PORT command to minimize the risk of exploitation.

Exploit

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-823

Identificadores relacionados

CVE-2022-46377

Produtos afetados

Weston Embedded Uc-Ftps

PT-2023-14922 · Unknown · Weston Embedded Uc-Ftps

CVE-2022-46377

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5