CVE-2020-5204

Published: Jan 6, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11

Vendor	Product	Versions
troglobit	uftpd	affected `< 2.11`

Weaknesses (CWE)

CWE-121

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvq

x_refsource_CONFIRM

https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd

x_refsource_MISC

openSUSE-SU-2020:0069

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-5204

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References