
CVE-2021-40524
https://notcve.org/view.php?id=CVE-2021-40524
05 Sep 2021 — In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.) En Pure-FTPd antes de la versión 1.0.50, un mecanismo incorrecto de cuota max_filesize en el servidor permite a los atacantes subir archivos de tamaño no limitado, lo que puede llev... • https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2020-9274 – Gentoo Linux Security Advisory 202003-54
https://notcve.org/view.php?id=CVE-2020-9274
26 Feb 2020 — An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. Se detectó un problema en Pure-FTPd versión 1.0.49. • https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa • CWE-824: Access of Uninitialized Pointer •

CVE-2020-9365 – Gentoo Linux Security Advisory 202003-54
https://notcve.org/view.php?id=CVE-2020-9365
24 Feb 2020 — An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c. Se detectó un problema en Pure-FTPd versión 1.0.49. Ha sido detectado una lectura fuera de límites (OOB) en la función pure_strcmp en el archivo utils.c. Multiple vulnerabilities have been found in Pure-FTPd, the worst of which could allow remote attackers to cause a Denial of Service condition. • https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e • CWE-125: Out-of-bounds Read •

CVE-2019-20176
https://notcve.org/view.php?id=CVE-2019-20176
31 Dec 2019 — In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. En Pure-FTPd versión 1.0.49, Se descubrió un problema de agotamiento de la pila en la función listdir en el archivo ls.c. • https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706 • CWE-400: Uncontrolled Resource Consumption •