CVE-2020-14149 - NULL Pointer Dereference vulnerability in Troglobit Uftpd
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH

Summary
In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.
References
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00052.html
- https://bugs.gentoo.org/726308
- https://github.com/troglobit/uftpd/issues/30
- https://github.com/troglobit/uftpd/releases/tag/v2.12