GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.
References
Configurations
History
21 Nov 2024, 00:52
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/32218 - Vendor Advisory | |
References | () http://securityreason.com/securityalert/4422 - | |
References | () http://www.securityfocus.com/bid/31729 - | |
References | () http://www.vupen.com/english/advisories/2008/2794 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/45818 - | |
References | () https://www.exploit-db.com/exploits/6738 - |
Information
Published : 2008-10-15 20:00
Updated : 2024-11-21 00:52
NVD link : CVE-2008-4572
Mitre link : CVE-2008-4572
CVE.ORG link : CVE-2008-4572
JSON object : View
Products Affected
guildftpd
- guildftpd
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer