CVE-2020-20276

moderate-risk
Published 2020-12-18

An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution.

Do I need to act?

~
4.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Uftpd

Affected Vendors

Troglobit

References (4)

Third Party Advisory https://arinerron.com/blog/posts/6
Patch https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9...
Third Party Advisory https://arinerron.com/blog/posts/6
Patch https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9...
45
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 5/34 · Minimal