QwikSec

Security Database

CVE

CWE

Training

CVE-2020-9274

Published: Feb 26, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa

x_refsource_MISC

https://www.pureftpd.org/project/pure-ftpd/news/

x_refsource_MISC

[debian-lts-announce] 20200228 [SECURITY] [DLA 2123-1] pure-ftpd security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_GENTOO

FEDORA-2020-5ac8d4c11a

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-84fb0920fd

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-fa83ea0492

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.