CVE-2020-5204 — Vulnetix

CVE-2020-5204 PUBLISHED CVSS 6.5 MEDIUM

In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11

EPSS 0.69% · 72.2th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS Score

0.69%

72.2th percentile

Affected Products

Vendor	Product	Versions
troglobit	uftpd	< 2.11, 0

Exploit Intelligence

https://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvq (circl)
https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd (circl)
openSUSE-SU-2020:0069 (circl)

Timeline

Jan 6, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Mar 7, 2023 EPSS Score

References

https://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvq url
https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd url
openSUSE-SU-2020:0069 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2020-5204 advisory

Open in Interactive Console →