Actions
Security #5025
closedftp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input
Affected Versions:
Label:
CVE:
Git IDs:
9f10e338108bc26ec53af6d5ac53126d06f723e5
b2da5e86ea9315ad876e50bb95dcb8be70f959b5
Severity:
MODERATE
Disclosure Date:
Description
We tend to execute
ptmp = FTPRealloc(line_state->db, line_state->db_len,
(line_state->db_len + state->input_len));
if (ptmp == NULL) {
FTPFree(line_state->db, line_state->db_len);
line_state->db = NULL;
line_state->db_len = 0;
return -1;
}
line_state->db = ptmp;
memcpy(line_state->db + line_state->db_len,
state->input, state->input_len);
line_state->db_len += state->input_len;
}
state->input += state->input_len;
state->input_len = 0;
indefinitely.
Updated by Shivani Bhardwaj about 2 years ago
- Copied from Security #5024: ftp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input added
Updated by Shivani Bhardwaj about 2 years ago
- Assignee changed from Shivani Bhardwaj to Jeff Lucovsky
The fix will have to be backported from 6.0.x and not master
Updated by Jason Ish about 2 years ago
- Related to Bug #5235: ftp: add event when command request or response is too long added
Updated by Jason Ish about 2 years ago
- Related to deleted (Bug #5235: ftp: add event when command request or response is too long)
Updated by Jason Ish almost 2 years ago
- Assignee changed from Jeff Lucovsky to Jason Ish
Updated by Jason Ish almost 2 years ago
- Status changed from Assigned to In Review
Updated by Victor Julien almost 2 years ago
- Tracker changed from Bug to Security
- Severity set to MODERATE
Updated by Jason Ish almost 2 years ago
- Status changed from Resolved to Closed
- Git IDs updated (diff)
Actions