CVE-2021-40524
https://notcve.org/view.php?id=CVE-2021-40524
In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.) En Pure-FTPd antes de la versión 1.0.50, un mecanismo incorrecto de cuota max_filesize en el servidor permite a los atacantes subir archivos de tamaño no limitado, lo que puede llevar a la denegación de servicio o a la caída del servidor. Esto ocurre porque una determinada prueba mayor que cero no anticipa un valor inicial de -1. • https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4 https://github.com/jedisct1/pure-ftpd/compare/1.0.49...1.0.50 https://github.com/jedisct1/pure-ftpd/pull/158 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-35359
https://notcve.org/view.php?id=CVE-2020-35359
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit. Pure-FTPd versión 1.0.48, permite a atacantes remotos impedir el uso legítimo del servidor haciendo suficientes conexiones para exceder el límite de conexiones • https://www.exploit-db.com/exploits/49105 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2020-9274
https://notcve.org/view.php?id=CVE-2020-9274
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. Se detectó un problema en Pure-FTPd versión 1.0.49. • https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA https://security.gentoo.org • CWE-824: Access of Uninitialized Pointer •
CVE-2020-9365
https://notcve.org/view.php?id=CVE-2020-9365
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c. Se detectó un problema en Pure-FTPd versión 1.0.49. Ha sido detectado una lectura fuera de límites (OOB) en la función pure_strcmp en el archivo utils.c. • https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA https://security.gentoo. • CWE-125: Out-of-bounds Read •
CVE-2019-20176
https://notcve.org/view.php?id=CVE-2019-20176
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. En Pure-FTPd versión 1.0.49, Se descubrió un problema de agotamiento de la pila en la función listdir en el archivo ls.c. • https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV • CWE-400: Uncontrolled Resource Consumption •