VYPR

uftpd

by Uftpd

Source repositories

CVEs (3)

  • CVE-2020-5204MedJan 6, 2020
    risk 0.35cvss 6.5epss 0.01

    In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4…

  • CVE-2020-20277CriDec 18, 2020
    risk 0.05cvss 9.8epss 0.25

    There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files…

  • CVE-2020-20276CriDec 18, 2020
    risk 0.00cvss 9.8epss 0.03

    An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution.