{"containers": {"cna": {"affected": [{"product": "uftpd", "vendor": "troglobit", "versions": [{"status": "affected", "version": "< 2.11"}]}], "descriptions": [{"lang": "en", "value": "In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len(&#39;255.255.255.255&#39;) == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-01-18T18:06:05", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvq"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd"}, {"name": "openSUSE-SU-2020:0069", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00034.html"}], "source": {"advisory": "GHSA-wrpr-xw7q-9wvq", "discovery": "UNKNOWN"}, "title": "Buffer overflow vulnerability in uftpd", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5204", "STATE": "PUBLIC", "TITLE": "Buffer overflow vulnerability in uftpd"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "uftpd", "version": {"version_data": [{"version_value": "< 2.11"}]}}]}, "vendor_name": "troglobit"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len(&#39;255.255.255.255&#39;) == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11"}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121: Stack-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvq", "refsource": "CONFIRM", "url": "https://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvq"}, {"name": "https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd", "refsource": "MISC", "url": "https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd"}, {"name": "openSUSE-SU-2020:0069", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00034.html"}]}, "source": {"advisory": "GHSA-wrpr-xw7q-9wvq", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:22:08.699Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvq"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd"}, {"name": "openSUSE-SU-2020:0069", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00034.html"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-5204", "datePublished": "2020-01-06T19:10:12", "dateReserved": "2020-01-02T00:00:00", "dateUpdated": "2024-08-04T08:22:08.699Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:troglobit:uftpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "91EBCEEE-1F37-42E3-8C48-41BF050C3BE7", "versionEndExcluding": "2.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len(&#39;255.255.255.255&#39;) == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11"}, {"lang": "es", "value": "En uftpd versiones anteriores a la versi\u00f3n 2.11, hay una vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n handle_PORT en el archivo ftpcmd.c que es causada por un b\u00fafer de 16 bytes de tama\u00f1o que est\u00e1 siendo llenado por medio de la funci\u00f3n sprintf() con una entrada de usuario basada en la cadena del especificador de formato %d.%d.%d.%d. El tama\u00f1o de 16 bytes es correcto para direcciones IPv4 v\u00e1lidas (len('255.255.255.255') == 16), pero el especificador de formato %d permite m\u00e1s de 3 d\u00edgitos. Esto se ha solucionado en la versi\u00f3n 2.11"}], "id": "CVE-2020-5204", "lastModified": "2024-11-21T05:33:40.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-06T20:15:12.523", "references": [{"source": "security-advisories@github.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00034.html"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}