CVE-2020-8815

Exploit

EPSS 1.69%
Veröffentlicht 12.02.2020 15:15:14
Zuletzt bearbeitet 21.11.2024 05:39:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Iktm ≫ Bearftp Version < 0.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.69%	0.817

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/kolya5544/BearFTP

Third Party Advisory

https://github.com/kolya5544/BearFTP/blob/f5a8047587c1a96456d4f291c12b038b9ab0d0c5/BearFTP/Program.cs#L503-L525

Third Party Advisory

Exploit

https://github.com/kolya5544/BearFTP/commit/17a6ead72d4a25cbfcef5e27613aa0a5f88a4b26

Patch

Third Party Advisory

https://github.com/kolya5544/BearFTP/commit/66dc9d95e58bca133f265457d32007cdf38b66ad

Patch

Third Party Advisory

https://github.com/kolya5544/BearFTP/releases/tag/0.4.0