The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2011-05-24 23:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-0418
Mitre link : CVE-2011-0418
CVE.ORG link : CVE-2011-0418
JSON object : View
Products Affected
pureftpd
- pure-ftpd
netbsd
- netbsd
CWE
CWE-20
Improper Input Validation