CVE-2020-36617
MEDIUM
4,6
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
Description
AI Translation Available
A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0040
Percentile
0,6th
Updated
EPSS Score Trend (Last 90 Days)
908
Use of Uninitialized Resource
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Availability
Potential Impacts:
Read Memory
Read Application Data
Dos: Crash, Exit, Or Restart
Applicable Platforms
All platforms may be affected
Application
Sftpserver by Greenend
Version Range Affected
To
2
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:greenend:sftpserver:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/ewxrjk/sftpserver/commit/bf4032f34832ee11d79aa60a226cc018e7e…
https://vuldb.com/?id.216205
https://github.com/ewxrjk/sftpserver/commit/bf4032f34832ee11d79aa60a226cc018e7e…
https://vuldb.com/?id.216205