An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:26
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
07 Oct 2022, 12:44
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/ - Mailing List, Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202003-54 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/ - Mailing List, Patch, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4515-1/ - Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject fedora
Canonical ubuntu Linux Canonical Fedoraproject Fedoraproject extra Packages For Enterprise Linux |
Information
Published : 2020-02-26 16:15
Updated : 2023-12-10 13:13
NVD link : CVE-2020-9274
Mitre link : CVE-2020-9274
CVE.ORG link : CVE-2020-9274
JSON object : View
Products Affected
fedoraproject
- extra_packages_for_enterprise_linux
- fedora
pureftpd
- pure-ftpd
canonical
- ubuntu_linux
debian
- debian_linux
CWE
CWE-824
Access of Uninitialized Pointer