PT-2020-15177 · Apache · Apache NuttX
Published: 2020-05-12 · Updated: 2020-05-19 · CVE-2020-1939
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache NuttX (Incubating) versions 6.15 through 8.2
Description
The issue is related to a NULL pointer dereference bug in the ftpd component of the optional "apps" repository. The NuttX RTOS itself is not affected. Only users who have enabled ftpd in the optional apps repository are impacted.
Recommendations
For versions 6.15 through 8.2, consider disabling the ftpd component as a temporary workaround until a patch is available. Restrict access to the ftpd service to minimize the risk of exploitation.
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Apache NuttX