CyberSec.Space Logo
Back to CVE Browser

CVE-2008-1052

MEDIUM
6.4
CVSS Severity Score
EPSS Score0.0190%
EPSS Percentile13.88th
PublishedFeb 27, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.

Affected Platforms (CPE)

πŸ“¦
Netwin

Surgeftp

= 2.3a2

References & Advisories

πŸ”— http://aluigi.altervista.org/adv/surgeftpizza-adv.txt
πŸ”— http://secunia.com/advisories/29096
πŸ”— http://securityreason.com/securityalert/3704
πŸ”— http://www.securityfocus.com/archive/1/488745/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/27993
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/40843
πŸ”— http://aluigi.altervista.org/adv/surgeftpizza-adv.txt
πŸ”— http://secunia.com/advisories/29096

Related Vulnerabilities

CVE-2001-135510.0

Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other ...

CVE-2001-135610.0

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allow...

CVE-2007-37688.5

The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malfo...

CVE-2013-47427.5

Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute ar...