CVE-2020-1939

EPSS 0.87%
Veröffentlicht 12.05.2020 15:15:12
Zuletzt bearbeitet 21.11.2024 05:11:39
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Nuttx Version >= 6.15 <= 8.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.87%	0.731

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://lists.apache.org/thread.html/re3adc65ff4d8d9c34e5bccba3941a28cbb0a47191c150df2727e101d%40%3Cdev.nuttx.apache.org%3E

Patch

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2020-1939

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1939

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1939

EUVD