CVE-2020-5204
MEDIUM
6.5
Our Analysis: Environment Specific
Our model has classified this vulnerability as relevant to Environment Specific Systems, helping your team prioritize efforts effectively.
Published Date
January 6, 2020
Last Modified
November 21, 2024
CVSS Vector
Not Available
Description
In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11