4

CVE-2006-6565

Exploit
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564.  NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Filezilla-projectFilezilla Server Version < 0.9.22
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 70.3% 0.993
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558
Third Party Advisory
Product
http://www.vupen.com/english/advisories/2006/4937
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30853
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/2914
Third Party Advisory
Exploit
VDB Entry