PT-2020-20567 · Pure Ftpd+1 · Pure-Ftpd+1

Antonio Norales · Published 2020-02-26 · Updated 2024-06-15 · CVE-2020-9274

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Pure-FTPd version 1.0.49

Description

An issue has been discovered related to an uninitialized pointer vulnerability in the diraliases linked list. The lookup_alias(const char alias) or print_aliases(void) function fails to correctly detect the end of the linked list, resulting in an attempt to access a non-existent list member. This issue is related to the init_aliases function in diraliases.c.

Recommendations

For Pure-FTPd version 1.0.49, consider disabling the lookup_alias and print_aliases functions as a temporary workaround until a patch is available. Restrict access to the diraliases linked list to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
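
The defect class named in the description, shown as an added illustration that is not Pure-FTPd's code: when the tail node's next field is never written, a NULL-terminated traversal does not stop at the real end of the list. The Alias struct, the function names and the sample aliases are constructed for this example, and the 0xAA fill simulates stale heap contents.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical node type for illustration; not Pure-FTPd's own struct. */
typedef struct Alias {
    const char *alias;
    struct Alias *next;
} Alias;

/* Append a node. The 0xAA fill stands in for stale heap bytes that malloc()
 * may hand back. With terminate == 0 the new tail's next is never written
 * (the defect class); otherwise it is set to NULL. */
static int append(Alias **head, Alias **tail, const char *a, int terminate) {
    Alias *n = malloc(sizeof *n);
    if (n == NULL) return -1;
    memset(n, 0xAA, sizeof *n);
    n->alias = a;
    if (terminate) n->next = NULL;
    if (*head == NULL) *head = n; else (*tail)->next = n;
    *tail = n;
    return 0;
}

/* Follow count-1 links, then report whether the tail's next is NULL, i.e.
 * whether a `while (cur != NULL)` traversal would stop at the real end. */
static int list_is_terminated(const Alias *head, size_t count) {
    if (count == 0) return head == NULL;
    while (--count > 0) head = head->next;
    return head->next == NULL;
}

/* Build a constructed two-entry list and check its termination. */
int build_and_check(int terminate) {
    Alias *head = NULL, *tail = NULL;
    int ok;
    if (append(&head, &tail, "pub", terminate) != 0) return -1;
    if (append(&head, &tail, "docs", terminate) != 0) {
        free(head);
        return -1;
    }
    ok = list_is_terminated(head, 2);
    free(head->next);
    free(head);
    return ok;
}

int main(void) {
    return (build_and_check(1) == 1 && build_and_check(0) == 0) ? 0 : 1;
}
```

Allocating nodes with calloc(), or assigning next = NULL at every insertion, removes the dependence on whatever bytes the allocator returns.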

Weakness Enumeration

Access of Uninitialized Pointer

Related Identifiers

CVE-2020-9274
DLA-2123-1
OPENSUSE-SU-2024:11773-1
ROSA-SA-2023-2188
USN-4515-1

Affected Products

Pure-Ftpd
Ubuntu