CyberSec.Space Logo
Back to CVE Browser

CVE-2020-9365

HIGH
7.5
CVSS Severity Score
EPSS Score0.1090%
EPSS Percentile7.09th
PublishedFeb 24, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.

Affected Platforms (CPE)

πŸ“¦
Pureftpd

Pure Ftpd

= 1.0.49
πŸ’»
Fedoraproject

Fedora

= 30
πŸ’»
Fedoraproject

Fedora

= 31
πŸ’»
Fedoraproject

Fedora

= 32

References & Advisories

πŸ”— https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e
πŸ”— https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/
πŸ”— https://security.gentoo.org/glsa/202003-54
πŸ”— https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e
πŸ”— https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da

Related Vulnerabilities

CVE-2017-121709.8

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configur...

CVE-2020-92747.5

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked lis...

CVE-2020-353597.5

Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection li...

CVE-2019-201767.5

In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.