Resource Exhaustion Affecting pure-ftpd package, versions *
Threat Intelligence
EPSS: 0.27% (67th percentile)
- Snyk ID SNYK-DEBIAN9-PUREFTPD-540436
- published 1 Jan 2020
- disclosed 31 Dec 2019
Introduced: 31 Dec 2019
CVE-2019-20176
How to fix?
There is no fixed version for Debian:9 pure-ftpd.
NVD Description
Note: Versions mentioned in the description apply only to the upstream pure-ftpd package and not the pure-ftpd package as distributed by Debian.
See "How to fix?" for Debian:9 relevant fixed versions and status.
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
References
- https://security-tracker.debian.org/tracker/CVE-2019-20176
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/
- https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
CVSS Scores
version 3.1