CVE-2023-2990

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-2990
Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://kb.globalscape.com/Knowledgebase/11588/Is-EFT-susceptible-to-the-Denial-of-service-via-recursive-Deflate-Stream-vulnerability Vendor Advisory
https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/ Exploit Third Party Advisory
https://kb.globalscape.com/Knowledgebase/11588/Is-EFT-susceptible-to-the-Denial-of-service-via-recursive-Deflate-Stream-vulnerability Vendor Advisory
https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:globalscape:eft_server:*:*:*:*:*:*:*:*
History

21 Nov 2024, 07:59

Type Values Removed Values Added
References () https://kb.globalscape.com/Knowledgebase/11588/Is-EFT-susceptible-to-the-Denial-of-service-via-recursive-Deflate-Stream-vulnerability - Vendor Advisory () https://kb.globalscape.com/Knowledgebase/11588/Is-EFT-susceptible-to-the-Denial-of-service-via-recursive-Deflate-Stream-vulnerability - Vendor Advisory
References () https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/ - Exploit, Third Party Advisory () https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/ - Exploit, Third Party Advisory

30 Jun 2023, 18:38

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-22 20:15

Updated : 2024-11-21 07:59

NVD link : CVE-2023-2990

Mitre link : CVE-2023-2990

CVE.ORG link : CVE-2023-2990

JSON object : View

Products Affected

globalscape

  • eft_server
CWE
CWE-400

Uncontrolled Resource Consumption

CWE-674

Uncontrolled Recursion