PT-2022-9013 · Unknown · Ewxrjk Sftpserver

Published: 2022-12-18 · Updated: 2024-08-04 · CVE-2020-36617

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ewxrjk sftpserver (affected versions not specified)

Description

A vulnerability was found in the ewxrjk sftpserver, affecting the function sftp_parse_path of the file parse.c. The manipulation leads to an uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. In some deployment models, this would be considered a vulnerability, and the README specifically warns about avoiding such deployment models.

Recommendations

To fix this issue, it is recommended to apply a patch. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. As a temporary workaround, consider disabling the sftp_parse_path function until a patch is available.

Fix

Weakness Enumeration: Use of Uninitialized Resource

Related Identifiers: CVE-2020-36617

Affected Products: Ewxrjk Sftpserver