Unrated severityNVD Advisory· Published Jan 6, 2020· Updated Aug 4, 2024
Buffer overflow vulnerability in uftpd
CVE-2020-5204
Description
In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
3- lists.opensuse.org/opensuse-security-announce/2020-01/msg00034.htmlmitrevendor-advisoryx_refsource_SUSE
- github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9ddmitrex_refsource_MISC
- github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvqmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.