Vulnerabilities > CVE-2020-14149 - NULL Pointer Dereference vulnerability in Troglobit Uftpd

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
troglobit
CWE-476

Summary

In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.

Common Weakness Enumeration (CWE)