7.5

CVE-2020-9274

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PureftpdPure-ftpd Version < 1.0.50
DebianDebian Linux Version8.0
FedoraprojectFedora Version30
FedoraprojectFedora Version31
FedoraprojectFedora Version32
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version16.04 SwEditionesm
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.81% 0.922
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/
https://security.gentoo.org/glsa/202003-54
Third Party Advisory
https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4515-1/
Third Party Advisory
https://www.pureftpd.org/project/pure-ftpd/news/
Vendor Advisory