An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the `PORT` command.
References
Link | Resource |
---|---|
https://github.com/weston-embedded/uC-FTPs/pull/2 | Patch |
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681 | Exploit Mitigation Third Party Advisory |
https://github.com/weston-embedded/uC-FTPs/pull/2 | Patch |
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681 | Exploit Mitigation Third Party Advisory |
Configurations
History
21 Nov 2024, 07:30
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | () https://github.com/weston-embedded/uC-FTPs/pull/2 - Patch | |
References | () https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681 - Exploit, Mitigation, Third Party Advisory |
18 May 2023, 21:23
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:weston-embedded:uc-ftps:1.98.00:*:*:*:*:*:*:* | |
CWE | CWE-125 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://github.com/weston-embedded/uC-FTPs/pull/2 - Patch | |
References | (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681 - Exploit, Mitigation, Third Party Advisory |
10 May 2023, 17:06
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-10 16:15
Updated : 2024-11-21 07:30
NVD link : CVE-2022-46378
Mitre link : CVE-2022-46378
CVE.ORG link : CVE-2022-46378
JSON object : View
Products Affected
weston-embedded
- uc-ftps