ID
VAR-202001-1606
CVE
CVE-2020-5204
TITLE
uftpd Vulnerable to classical buffer overflow
Trust: 0.8
DESCRIPTION
In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11. uftpd Contains a classic buffer overflow vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | troglobit | model: | uftpd | scope: | lt | version: | 2.11 | Trust: 1.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-120 | Trust: 1.8 |
| problemtype: | CWE-121 | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | FTP: Fix buffer overflow in PORT parser, reported by Aaron Esau | url: | https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd | Trust: 0.8 |
| title: | Buffer Overflow | url: | https://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvq | Trust: 0.8 |
| title: | uftpd Buffer error vulnerability fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108297 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-5204 | Trust: 2.4 |
| db: | JVNDB | id: | JVNDB-2020-001054 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202001-145 | Trust: 0.6 |
REFERENCES
| url: | https://github.com/troglobit/uftpd/security/advisories/ghsa-wrpr-xw7q-9wvq | Trust: 1.6 |
| url: | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00034.html | Trust: 1.6 |
| url: | https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-5204 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5204 | Trust: 0.8 |
| url: | https://vigilance.fr/vulnerability/uftpd-buffer-overflow-via-handle-port-31368 | Trust: 0.6 |
SOURCES
| db: | JVNDB | id: | JVNDB-2020-001054 |
| db: | CNNVD | id: | CNNVD-202001-145 |
| db: | NVD | id: | CVE-2020-5204 |
LAST UPDATE DATE
2024-11-23T22:25:37.372000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2020-001054 | date: | 2020-01-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-202001-145 | date: | 2020-05-20T00:00:00 |
| db: | NVD | id: | CVE-2020-5204 | date: | 2024-11-21T05:33:40.420 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2020-001054 | date: | 2020-01-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-202001-145 | date: | 2020-01-06T00:00:00 |
| db: | NVD | id: | CVE-2020-5204 | date: | 2020-01-06T20:15:12.523 |