CyberSec.Space Logo
Back to CVE Browser

CVE-2020-1939

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1980%
EPSS Percentile43.22th
PublishedMay 12, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected.

Affected Platforms (CPE)

📦
Apache

Nuttx

>= 6.15 and <= 8.2

References & Advisories

🔗 https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E
🔗 https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E

Related Vulnerabilities

CVE-2020-175299.8

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows a...

CVE-2021-264619.8

Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improp...

CVE-2020-175289.1

Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows a...

CVE-2018-205787.5

An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mis...