PT-2021-22920 · Pure Ftpd+1 · Pure-Ftpd+1

Droidtest

Published

2021-09-05

Updated

2025-11-04

CVE-2021-40524

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Pure-FTPd versions 1.0.23 through 1.0.49

Description The issue arises from an incorrect max filesize quota mechanism in the server, allowing attackers to upload files of unbounded size. This can lead to denial of service or a server hang due to a certain greater-than-zero test not anticipating an initial -1 value.

Recommendations For versions 1.0.23 through 1.0.49, update to version 1.0.50 or later to resolve the issue.

Exploit

Fix

DoS

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-40524

DLA-4360-1

OPENSUSE-SU-2024:11773-1

ROSA-SA-2023-2188

Affected Products

Debian

Pure-Ftpd

PT-2021-22920 · Pure Ftpd+1 · Pure-Ftpd+1

CVE-2021-40524

Weakness Enumeration

Related Identifiers

Affected Products

References · 22