Vulnerability Details CVE-2020-9274
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 69.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa
- https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/
- https://security.gentoo.org/glsa/202003-54
- https://usn.ubuntu.com/4515-1/
- https://www.pureftpd.org/project/pure-ftpd/news/
- https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa
- https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/
- https://security.gentoo.org/glsa/202003-54
- https://usn.ubuntu.com/4515-1/
- https://www.pureftpd.org/project/pure-ftpd/news/
Products affected by CVE-2020-9274
-
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0
-
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0
-
cpe:2.3:a:pureftpd:pure-ftpd:0.90
-
cpe:2.3:a:pureftpd:pure-ftpd:0.91
-
cpe:2.3:a:pureftpd:pure-ftpd:0.92
-
cpe:2.3:a:pureftpd:pure-ftpd:0.93
-
cpe:2.3:a:pureftpd:pure-ftpd:0.94
-
cpe:2.3:a:pureftpd:pure-ftpd:0.95
-
cpe:2.3:a:pureftpd:pure-ftpd:0.95.1
-
cpe:2.3:a:pureftpd:pure-ftpd:0.95.2
-
cpe:2.3:a:pureftpd:pure-ftpd:0.96
-
cpe:2.3:a:pureftpd:pure-ftpd:0.96.1
-
cpe:2.3:a:pureftpd:pure-ftpd:0.97
-
cpe:2.3:a:pureftpd:pure-ftpd:0.97-final
-
cpe:2.3:a:pureftpd:pure-ftpd:0.97.1
-
cpe:2.3:a:pureftpd:pure-ftpd:0.97.2
-
cpe:2.3:a:pureftpd:pure-ftpd:0.97.3
-
cpe:2.3:a:pureftpd:pure-ftpd:0.97.4
-
cpe:2.3:a:pureftpd:pure-ftpd:0.97.5
-
cpe:2.3:a:pureftpd:pure-ftpd:0.97.6
-
cpe:2.3:a:pureftpd:pure-ftpd:0.97.7
-
cpe:2.3:a:pureftpd:pure-ftpd:0.98
-
cpe:2.3:a:pureftpd:pure-ftpd:0.98.1
-
cpe:2.3:a:pureftpd:pure-ftpd:0.98.2
-
cpe:2.3:a:pureftpd:pure-ftpd:0.98.3
-
cpe:2.3:a:pureftpd:pure-ftpd:0.98.4
-
cpe:2.3:a:pureftpd:pure-ftpd:0.98.5
-
cpe:2.3:a:pureftpd:pure-ftpd:0.98.6
-
cpe:2.3:a:pureftpd:pure-ftpd:0.98.7
-
cpe:2.3:a:pureftpd:pure-ftpd:0.99
-
cpe:2.3:a:pureftpd:pure-ftpd:0.99.1
-
cpe:2.3:a:pureftpd:pure-ftpd:0.99.2
-
cpe:2.3:a:pureftpd:pure-ftpd:0.99.3
-
cpe:2.3:a:pureftpd:pure-ftpd:0.99.4
-
cpe:2.3:a:pureftpd:pure-ftpd:0.99.9
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.0
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.1
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.10
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.11
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.12
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.13
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.14
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.15
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.16
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.17
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.18
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.19
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.2
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.20
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.21
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.22
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.23
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.24
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.25
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.26
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.27
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.28
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.29
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.3
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.30
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.31
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.32
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.34
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.35
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.36
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.37
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.38
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.39
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.4
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.40
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.41
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.42
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.43
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.44
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.45
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.46
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.46-1
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.47
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.48
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.49
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.5
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.6
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.7
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.8
-
cpe:2.3:a:pureftpd:pure-ftpd:1.0.9
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:fedoraproject:fedora:30
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32