CVE-2020-14149

Published June 15th, 2020

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

MEDIUM

Affected

PROJECT

Description

In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.

troglobit/uftpd

FTP/TFTP server for Linux that just works™

GitHub

209