PT-2020-18301 · Uftpd+1 · Uftpd+1

Aaron Esau

Published

2020-01-06

Updated

2020-01-18

CVE-2020-5204

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions uftpd versions prior to 2.11

Description The issue is caused by a buffer overflow in the handle PORT function in ftpcmd.c. This occurs when a 16-byte buffer is filled with user input via sprintf() using the format specifier string %d.%d.%d.%d. Although the 16-byte size is sufficient for valid IPv4 addresses, the %d format specifier allows for more than 3 digits, leading to a potential overflow.

Recommendations For versions prior to 2.11, update to version 2.11 to resolve the issue.

Fix

Buffer Overflow

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-121

Related Identifiers

CVE-2020-5204

GHSA-WRPR-XW7Q-9WVQ

OPENSUSE-SU-2020:0069-1

OPENSUSE-SU-2020_0069-1

Affected Products

Suse

Uftpd

PT-2020-18301 · Uftpd+1 · Uftpd+1

CVE-2020-5204

Weakness Enumeration

Related Identifiers

Affected Products

References · 9