Martin Clauss

**Name of the Vulnerable Software and Affected Versions** uftpd versions prior to 2.12 **Description** The issue is caused by the mishandling of the path provided by the user in the `handle CWD` function in `ftpcmd.c`, leading to a NULL pointer dereference and denial of service. This can be demonstrated by a CWD `/..` command. **Recommendations** For versions prior to 2.12, update to version 2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the `handle CWD` function in `ftpcmd.c` to minimize the risk of exploitation. Avoid using the CWD command with paths that may cause a NULL pointer dereference until the issue is resolved.