CVE-2023-24042

Name of the Vulnerable Software and Affected Versions LightFTP versions 1.0 through 2.2 LightFTP version 2.2

Description A race condition in the software allows an attacker to achieve path traversal via a malformed FTP request. This occurs because a handler thread can use an overwritten context->FileName.

Recommendations For LightFTP versions 1.0 through 2.2, update to a version that fixes the race condition issue. For LightFTP version 2.2, update to a version that fixes the race condition issue. As a temporary workaround, consider restricting access to the FTP service until a patch is available.