Vulnerability Details : CVE-2020-9365
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
Products affected by CVE-2020-9365
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.49:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-9365
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-9365
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2020-9365
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-9365
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/
[SECURITY] Fedora 30 Update: pure-ftpd-1.0.49-5.fc30 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/
[SECURITY] Fedora 32 Update: pure-ftpd-1.0.49-5.fc32 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e
pure_strcmp(): len(s2) can be > len(s1) · jedisct1/pure-ftpd@36c6d26 · GitHubPatch;Third Party Advisory
-
https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da
pure_strcmp(): len(s2) can be > len(s1) · jedisct1/pure-ftpd@bf6fcd4 · GitHubPatch;Third Party Advisory
-
https://security.gentoo.org/glsa/202003-54
Pure-FTPd: Multiple vulnerabilities (GLSA 202003-54) — Gentoo securityThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/
[SECURITY] Fedora 31 Update: pure-ftpd-1.0.49-5.fc31 - package-announce - Fedora Mailing-ListsThird Party Advisory
Jump to