Actions
Security #5024
closedftp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input
Affected Versions:
Label:
CVE:
Git IDs:
cf8ed576e09a68886760259055e309e51bf5bec3
Severity:
HIGH
Disclosure Date:
Description
We tend to execute
ptmp = FTPRealloc(line_state->db, line_state->db_len, (line_state->db_len + state->input_len)); if (ptmp == NULL) { FTPFree(line_state->db, line_state->db_len); line_state->db = NULL; line_state->db_len = 0; return -1; } line_state->db = ptmp; memcpy(line_state->db + line_state->db_len, state->input, state->input_len); line_state->db_len += state->input_len; } state->input += state->input_len; state->input_len = 0;
indefinitely.
Updated by Shivani Bhardwaj almost 3 years ago
- Copied to Security #5025: ftp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input added
Updated by Shivani Bhardwaj almost 3 years ago
- Copied to Security #5026: ftp: GetLine function buffers data indefinitely if 0x0a was not found in the frag'd input added
Updated by Jason Ish over 2 years ago
- Status changed from Assigned to In Review
- Assignee changed from Shivani Bhardwaj to Jason Ish
Updated by Jason Ish over 2 years ago
- Related to Bug #5235: ftp: add event when command request or response is too long added
Updated by Victor Julien over 2 years ago
- Tracker changed from Bug to Security
- Severity set to HIGH
Updated by Victor Julien over 2 years ago
- Status changed from In Review to Closed
- Git IDs updated (diff)
Updated by Jason Ish over 2 years ago
- Related to Bug #5281: ftp: don't let first incomplete segment be over maximum length added
Updated by Victor Julien about 2 years ago
- Private changed from Yes to No
- Label deleted (
Needs backport to 5.0, Needs backport to 6.0)
Actions