Vulnerability Details : CVE-2023-2990
Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service
Vulnerability category: Denial of service
Products affected by CVE-2023-2990
- cpe:2.3:a:globalscape:eft_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-2990
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-2990
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2023-2990
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by: cve@rapid7.con (Secondary)
-
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-2990
-
https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED] | Rapid7 BlogExploit;Third Party Advisory
-
https://kb.globalscape.com/Knowledgebase/11588/Is-EFT-susceptible-to-the-Denial-of-service-via-recursive-Deflate-Stream-vulnerability
Is EFT susceptible to the "Denial of service via recursive Deflate Stream" vulnerability?Vendor Advisory
Jump to