In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00445
Percentile:
0.62489
CVSS Scoring
CVSS v3.1 Score: 7.5
Severity: HIGH
Mapped CWE(s)
-
CWE-400
: Uncontrolled Resource Consumption
All CAPEC(s)
-
CAPEC-147: XML Ping of the Death
-
CAPEC-227: Sustained Client Engagement
-
CAPEC-492: Regular Expression Exponential Blowup
CAPEC(s) with Mapped TTPs
-
CAPEC-227: Sustained Client Engagement
Mapped TTPs:
-
T1499
: Endpoint Denial of Service
Mapped ATT&CK TTPs
-
T1499
: Endpoint Denial of Service
Kill Chain: impact
Malware
APTs Threat Group Associations
Campaigns
Affected Products
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.49:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
← Back to Home